Xen project Mailing List

[RFC PATCH 10/10] common/Kconfig: updating Kconfig for domain roles

From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Date: Fri, 14 May 2021 16:54:37 -0400

Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx> header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1621025184; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=wGvCSSkU+bbasgBbtH8pFrI6xBZiDUPG25gTuiiEgZg=; b=fzl33zqwkpAb35n+OFVABlbb2MnwJNaXTVp/HFeQw3T1k3Lf8Od9844KtkyVf4PCurUW0g+BuOuYBlyj5cGaC/LAYr4VAoF0U7HzwK315Yhdx2dIjaQNOCJY7qGGy7kbicnZ13b33jMQm2g7gTIGxlBF2riRHTWOnDm4p9o4ZJs=

Arc-seal: i=1; a=rsa-sha256; t=1621025184; cv=none; d=zohomail.com; s=zohoarc; b=am66yHbMEbvVXda4yV02AM7B3UfoQs94eod4/+Nbhecxu6jNtYb7wp3iFrALk6oLmjok8zUUdwmVqjy10Or7Ylca18JhynRYiUM+/mixQOEV4N3zBx0+eFMd3X3svlowZ7XuHY6KunsthH88cYM74UR4ngHpnd0a2o8YMDDgnCA=

Cc: sstabellini@xxxxxxxxxx, julien@xxxxxxx, Volodymyr_Babchuk@xxxxxxxx, andrew.cooper3@xxxxxxxxxx, george.dunlap@xxxxxxxxxx, iwj@xxxxxxxxxxxxxx, jbeulich@xxxxxxxx, wl@xxxxxxx, roger.pau@xxxxxxxxxx, tamas@xxxxxxxxxxxxx, tim@xxxxxxx, jgross@xxxxxxxx, aisaila@xxxxxxxxxxxxxxx, ppircalabu@xxxxxxxxxxxxxxx, dfaggioli@xxxxxxxx, paul@xxxxxxx, kevin.tian@xxxxxxxxx, dgdegra@xxxxxxxxxxxxx, adam.schwalm@xxxxxxxxxx, scott.davis@xxxxxxxxxx

Delivery-date: Fri, 14 May 2021 20:54:38 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This adjusts the Kconfig system for the reorganizing of XSM by the introduction of domain roles. Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> --- xen/common/Kconfig | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 3064bf6b89..560ad274c4 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -199,11 +199,12 @@ config XENOPROF If unsure, say Y. -config XSM - bool "Xen Security Modules support" - default ARM +menu "Xen Security Modules" + +config XSM_POLICY + bool "XSM policy support" ---help--- - Enables the security framework known as Xen Security Modules which + Enables loadable policy support for Xen Security Modules which allows administrators fine-grained control over a Xen domain and its capabilities by defining permissible interactions between domains, the hypervisor itself, and related resources such as memory and @@ -214,7 +215,7 @@ config XSM config XSM_FLASK def_bool y prompt "FLux Advanced Security Kernel support" - depends on XSM + depends on XSM_POLICY ---help--- Enables FLASK (FLux Advanced Security Kernel) as the access control mechanism used by the XSM framework. This provides a mandatory access @@ -254,7 +255,6 @@ config XSM_FLASK_POLICY config XSM_SILO def_bool y prompt "SILO support" - depends on XSM ---help--- Enables SILO as the access control mechanism used by the XSM framework. This is not the default module, add boot parameter xsm=silo to choose @@ -278,6 +278,8 @@ choice bool "SILO" if XSM_SILO endchoice +endmenu + config LATE_HWDOM bool "Dedicated hardware domain" default n -- 2.20.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.