[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Xen XSM/FLASK policy, grub defaults, etc.

On 27.05.2020 18:08, George Dunlap wrote:
>> On May 27, 2020, at 4:41 PM, Ian Jackson <ian.jackson@xxxxxxxxxx> wrote:
>> The Xen tools build system builds a FLASK policy by default.  It does
>> this even if the hypervisor build for XSM is disabled.
>> I recently sent patches upstream to grub to support XSM in
>> update-grub.  update-grub is the program which examines your /boot and
>> generates appropriate bootloader entries.  My merge request
>>  https://salsa.debian.org/grub-team/grub/-/merge_requests/18
>> finds XSM policy files, and when theya are found, generates "XSM
>> enabled" bootloader entries. [1]
>> The result of these two things together is that a default build of
>> grub will result in these "XSM enabled" bootloader entries.  In
>> practice I think these entries will boot because everything ignores
>> the additional XSM policy file (!) and Xen ignores the
>> "flask=enforcing" option (!!)
>> This is not particularly good.  Offering people an "XSM enabled"
>> option which does nothing is poor because it might think they have the
>> extra security but actually significantly more steps are needed.  But
>> there doesn't appear to be any way for update-grub to tell whether a
>> particular hypervisor does support XSM or not.
>> I think the following changes would be good:
>> 1. Xen should reject "flask=enforcing" if it is built without FLASK
>> support, rather than ignoring it.  This will ensure users are not
>> misled by these boot options since they will be broken.
> +1

Yeah, probably better indeed, despite the current behavior being
documented correctly. I'll make a patch.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.