
Re: [PATCH] SUPPORT.md: split XSM from Flask


  • To: "Jan Beulich" <jbeulich@xxxxxxxx>
  • From: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 30 Jul 2024 07:37:56 -0400
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>
  • Delivery-date: Tue, 30 Jul 2024 11:38:19 +0000
  • Importance: Medium
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

---- On Tue, 30 Jul 2024 06:57:08 -0400 Jan Beulich wrote ---

 > XSM is a generic framework, which in particular is also used by SILO. 
 > With this it can't really be experimental: Arm enables SILO by default. 
 >  
 > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> 
 >  
 > --- a/SUPPORT.md 
 > +++ b/SUPPORT.md 
 > @@ -768,13 +768,20 @@ Compile time disabled for ARM by default 
 >  
 >  Status, x86: Supported, not security supported 
 >  
 > -### XSM & FLASK 
 > +### XSM 
 > + 
 > +    Status: Supported 
 > + 
 > +See below for use with FLASK and SILO.  The dummy implementation is covered 
 > here 
 > +as well. 
 > + 
 > +### XSM + FLASK 

To me it would make more sense to say XSM FLASK Policy than XSM + FLASK.

 >  Status: Experimental 
 >  
 >  Compile time disabled by default. 
 >  
 > -Also note that using XSM 
 > +Also note that using FLASK 
 >  to delegate various domain control hypercalls 
 >  to particular other domains, rather than only permitting use by dom0, 
 >  is also specifically excluded from security support for many hypercalls. 
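
Review bot: In the new `### XSM` section, `Status: Supported` is followed only by a cross-reference and a mention of the dummy implementation, with no sentence saying what XSM is. The commit message's own wording (XSM is a generic framework, used among others by SILO) would fit here as a one-line description, and would make it explicit that the Supported status applies to the framework and the dummy implementation while `### XSM + FLASK` keeps its separate `Status: Experimental`.
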
 > @@ -787,6 +794,10 @@ Please see XSA-77 for more details. 
 >  The default policy includes FLASK labels and roles for a "typical" 
 > Xen-based system 
 >  with dom0, driver domains, stub domains, domUs, and so on. 
 >  
 > +### XSM + SILO 

Same here, XSM SILO Policy.

 > +    Status: Supported 
 > + 
 >  ## Virtual Hardware, Hypervisor 
 >  
 >  ### x86/Nested PV 
 > 
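
Review bot: The added `### XSM + SILO` section carries only `Status: Supported`, whereas the FLASK section states its build default (`Compile time disabled by default.`). Stating SILO's build default, which the commit message gives for Arm (enabled by default), along with a one-line description of SILO, would let a reader tell whether the Supported status applies to their configuration.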

v/r,
dps



 

