
Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support



Hello Daniel,

On 23.08.18 01:44, DeGraaf, Daniel G wrote:
> From: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
> Sent: Wednesday, August 22, 2018 10:12 AM
>
> > As we don't want any guest to access limited resources of TEE, we need a way to
> > control who can work with it.
> >
> > Thus, new access vector class "tee" is added with only one operation "call" so
> > far. tee framework uses this to check if guest has a right
> > to work with TEE.
> >
> > Also, example security context domU_with_tee_t was added.
>
> Are you planning to add more access vectors to this class in the future?
> Otherwise, it probably doesn't need its own class - since you use xen_t as the
> target, placing it in class xen/xen2 is preferred (like tmem and others are
> now).


At the moment I can't imagine any other vectors. The reason I created a new class is that it seemed wrong to me to use the generic xen/xen2 class, because, strictly speaking, this vector has nothing to do with xen core.

But, if you think that it is appropriate to have vector "tee_call" in xen2 class, then I can move it there.

--
Volodymyr Babchuk
