Re: [PATCH 3/6] xsm: enabling xsm to always be included
- To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Fri, 25 Jun 2021 08:39:00 +0200
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, persaur@xxxxxxxxx, christopher.w.clark@xxxxxxxxx, adam.schwalm@xxxxxxxxxx, scott.davis@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Delivery-date: Fri, 25 Jun 2021 06:39:20 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 24.06.2021 19:18, Daniel P. Smith wrote:
>
>
> On 6/21/21 2:53 AM, Jan Beulich wrote:
>> On 18.06.2021 18:35, Daniel P. Smith wrote:
>>> On 6/18/21 7:53 AM, Andrew Cooper wrote:
>>>> On 18/06/2021 00:39, Daniel P. Smith wrote:
>>>>> @@ -250,9 +261,8 @@ config XSM_FLASK_POLICY
>>>>> If unsure, say Y.
>>>>>
>>>>> config XSM_SILO
>>>>> - def_bool y
>>>>> + def_bool n
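Review bot: The new `def_bool n` under `config XSM_SILO` turns the default off unconditionally, for every architecture, and nothing visible in the hunk records why. If some configurations should keep SILO on by default, put a conditional default ahead of the unconditional one, since Kconfig uses the first default whose condition holds. The commit message should also call out the default change, because it alters what an unconfigured build includes.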
>>>>
>>>> I'm not sure we want to alter the FLASK/SILO defaults. SILO in
>>>> particular is mandatory on ARM, and without it, you're in a security
>>>> unsupported configuration.
>>> The intent here is the default is the classic dom0 configuration. What
>>> if I did,
>>>
>>> def bool n
>>> def bool y if ARM
>>
>> Besides it needing to be with the order of the two lines flipped, if
>> Arm requires XSM_SILO, then I think it would better "select" it.
>
>
> Ack, I realized that as I fixed it for the upcoming v2.
>
> Correct me if I am wrong but if you do a "select" that means you are
> forcing the user to always have SILO built in, i.e. that makes it so the
> option cannot be disabled. There may be users who would prefer to only
> have Flask enabled on ARM and those users would not be able to turn SILO
> off.

Yes, you're right. Problem is the (imo) malformed entry, which makes
it that I couldn't see the presence of a prompt anymore in the context
above. Well-formed (imo; I might also say "consistently formatted")
entries with a prompt ought to look like (taking your change into
account already, leaving aside whether that's really what we want)

config XSM_SILO
	bool "SILO support"
	default y if ARM
	default n

Whether "depends" precedes or follows "default" is less clear cut.
def_bool imo would better be used only for prompt-less entries.

Jan
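
The ordering and "select" points discussed in this thread, as an added example that is not part of the original mail or of Xen's Kconfig: a simplified Python model of how a bool symbol's value is resolved. The `resolve` function and the sample inputs are constructed for illustration, and modelling "select" as coming from the `ARM` symbol is an assumption.

```python
# Simplified model of Kconfig bool resolution (added example; not Xen or kconfig code).
# Covers only: ordered "default ... if ..." lines, a user-visible prompt, and "select".

def resolve(defaults, env, has_prompt=True, user_choice=None, selected_by=()):
    """Return the final 'y'/'n' value of one bool symbol.

    defaults    -- ordered list of (value, condition_symbol_or_None)
    env         -- already-resolved symbols, e.g. {"ARM": "y"}
    user_choice -- answer from .config, honoured only if the entry has a prompt
    selected_by -- symbols assumed to carry "select <this symbol>"
    """
    # "select" forces the symbol on whenever a selecting symbol is on,
    # regardless of what the user answered.
    if any(env.get(s) == "y" for s in selected_by):
        return "y"
    if has_prompt and user_choice is not None:
        return user_choice
    # With no user answer, the first default whose condition holds is used.
    for value, cond in defaults:
        if cond is None or env.get(cond) == "y":
            return value
    return "n"

ARM = {"ARM": "y"}   # constructed sample environments
X86 = {"ARM": "n"}

# Order proposed in the quoted mail: unconditional default first.
PROPOSED = [("n", None), ("y", "ARM")]
# Order from the reply: conditional default first.
FLIPPED = [("y", "ARM"), ("n", None)]

def silo_matrix():
    return {
        "proposed_on_arm": resolve(PROPOSED, ARM),
        "flipped_on_arm": resolve(FLIPPED, ARM),
        "flipped_on_x86": resolve(FLIPPED, X86),
        "flipped_arm_user_off": resolve(FLIPPED, ARM, user_choice="n"),
        "select_arm_user_off": resolve(FLIPPED, ARM, user_choice="n",
                                       selected_by=("ARM",)),
    }

if __name__ == "__main__":
    for case, value in silo_matrix().items():
        print(f"{case}: {value}")
```

With the unconditional default listed first, the Arm build resolves SILO to off, which is the configuration the thread calls security unsupported; with "select", the user's "n" is overridden.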