[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 3/6] xsm: enabling xsm to always be included
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 24 Jun 2021 13:18:00 -0400
- Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1624555168; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=yZyPrGS+9kVuE3ObNTJW3JxOpqrFNV+fuzYelEs9TOc=; b=VA2iT+UH4GS+baJUGhVet8VHYBIne/BrMS8KIBO/ZVhX5dEQY6cozzHrK7REv2sUrxuCJy8B9Bq2meFOvFDm0Bxaq1o2tZh4rVnOd9EpjyZN8jz+7J39yPqbMwwsPGsGVT4Q5QHOb/BJshE1WERdQ1SCgC4WJplbtW0nCWXBDqo=
- Arc-seal: i=1; a=rsa-sha256; t=1624555168; cv=none; d=zohomail.com; s=zohoarc; b=en9Nl1hEPxBjl04S36MyuRPlcSswqNvJCqam4v0a/c6y/efDVpkdHg4CzU3I46egcJ+yCn11GjCKRgCClpmwJu+hiyLFx0ejwsPJuXDaw41fjX4LLSZF3CczS4U+LVROjxm8vwX98c9Q0UuhP4bEmcci4aB4wCdA0ek6YvtyogQ=
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, persaur@xxxxxxxxx, christopher.w.clark@xxxxxxxxx, adam.schwalm@xxxxxxxxxx, scott.davis@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Delivery-date: Thu, 24 Jun 2021 17:20:01 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 6/21/21 2:53 AM, Jan Beulich wrote:
On 18.06.2021 18:35, Daniel P. Smith wrote:
On 6/18/21 7:53 AM, Andrew Cooper wrote:
On 18/06/2021 00:39, Daniel P. Smith wrote:
@@ -250,9 +261,8 @@ config XSM_FLASK_POLICY
If unsure, say Y.
config XSM_SILO
- def_bool y
+ def_bool n
I'm not sure we want to alter the FLASK/SILO defaults. SILO in
particular is mandatory on ARM, and without it, you're in a security
unsupported configuration.
The intent here is the default is the classic dom0 configuration. What
if I did,
def bool n
def bool y if ARM
Besides it needing to be with the order of the two lines flipped, if
Arm requires XSM_SILO, then I think it would better "select" it.
Ack, I realized that as I fixed it for the upcoming v2.
Correct me if I am wrong but if you do a "select" that means you are
forcing the user to always have SILO built in, i.e. that makes it so the
option cannot be disabled. There may be users who would prefer to only
have Flask enabled on ARM and those users would not be able to turn SILO
off.
v/r,
dps
|
