Re: Differentiating "For experts only" and "Not security supported" in Kconfig
On 05/09/2025 05:47, Demi Marie Obenour wrote:
> Right now, both EXPERT and UNSUPPORTED options are
> not security supported. However, this seems to be
> causing problems for safety-certified use-cases.
>
> Specifically, disabling AMD or Intel support is certainly
> something that should fall under EXPERT IMO, as it is a
> great way to produce a Xen binary that will not boot on
> a large fraction of hardware. However, I see no fundamental
> reason it should not be security supported. Not security
> supporting it means that those producing safety-certified
> builds of Xen (which, presumably, are some of the most
> security-critical there are!) are having to use
> security-unsupported configurations.
>
> This definitely does not seem right to me. Safety
> certification and security support should go hand in hand,
> not conflict with each other! Is there a plan to address this?

What makes you say that? Functional safety and security, although often intertwined, differ in focus areas and objectives. Functional safety aims at reducing the risk of unintended hazards caused by malfunction of system components, whereas security is about reducing the risk of intentional threats. There are different standards for safety and security. Current AMD safety work focuses on ISO26262 and IEC61508 but there are security standards like ISO/SAE 21434.

~Michal