[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 3/6] xsm: enabling xsm to always be included
- To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Mon, 21 Jun 2021 08:53:18 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RtwSiBQbdc9hHT/mQAjV1D2ovZ6TtLU975rgOZo9QIc=; b=jK1Xv2SaU1hLHeJMKe8L9E5RLOwsKvCMZWiegrjXlstCnOs2LMcVD2AncO4XGsb28SiA4CIkvBOEAc+dKlKACK/u+9v+siacOBxIlNb9AFeN5EIU88JqCG+wng5zlMAUwfZgTL0FEMdGTJCxH5+2u09/dseu7tpIGks3Rn5xTIFHbWH5UIC0w2iGCh6N2gpVnbgxfq8EgfgNnnoWvoOTo/23QoLgDPv4TvNzwEtZfvbYGnCwP0NkdsvtalZ/UxzU/cmTy8OA+cGiJ/XLWrk62tcgc0Rict4Lkrjx7WABaVViGdjY3hICI0Lz5W/mX0jguIuTMkxmEqmHBxWFYWrcqA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=djAl4iIIR9yiCSDJuRvV7+iJ8zLjCjBMz1SNkgrcXX7/nexs7tN6oiNdV6DlqneZ+mOPHBlf1rPhMFwebsOQ4WiEYozVvzk+IiKC+utFAoxQtjr+hhqmUAFUNwxytgE/IjwRbK5V1I2yv0JkwDkwkPW6evCcAiTj8ohW7jYoBp/b4N0urF1AW1ouGYAMeowCG/5RRwJZHt2zqEkeEgL3eTno5ITTTUbEk6IG2Qw1VpdNhXAj3qzt/5LBLzjfYCOsbucMVzi81WSjwgRac8aRtDC1FY1Xf69TURCxt7eoNicmJ6hnxEupUmi2dRx9OX0l2JM1F/Te/qY6GphqQhmJkA==
- Authentication-results: citrix.com; dkim=none (message not signed) header.d=none;citrix.com; dmarc=none action=none header.from=suse.com;
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, persaur@xxxxxxxxx, christopher.w.clark@xxxxxxxxx, adam.schwalm@xxxxxxxxxx, scott.davis@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Delivery-date: Mon, 21 Jun 2021 06:53:32 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 18.06.2021 18:35, Daniel P. Smith wrote:
> On 6/18/21 7:53 AM, Andrew Cooper wrote:
>> On 18/06/2021 00:39, Daniel P. Smith wrote:
>>> @@ -250,9 +261,8 @@ config XSM_FLASK_POLICY
>>> If unsure, say Y.
>>>
>>> config XSM_SILO
>>> - def_bool y
>>> + def_bool n
>>
>> I'm not sure we want to alter the FLASK/SILO defaults. SILO in
>> particular is mandatory on ARM, and without it, you're in a security
>> unsupported configuration.
> The intent here is the default is the classic dom0 configuration. What
> if I did,
>
> def bool n
> def bool y if ARM
Besides it needing to be with the order of the two lines flipped, if
Arm requires XSM_SILO, then I think it would better "select" it.
Jan
|
