[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/2] xen: convert XSM_ENABLE to Kconfig

On 22/12/15 16:26, Doug Goldstein wrote:
Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM
within Kconfig. This also re-adds the dependency of CONFIG_FLASK on

CC: Keir Fraser <keir@xxxxxxx>
CC: Jan Beulich <jbeulich@xxxxxxxx>
CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx>

The dependencies for LATE_HWDOM are backwards: it is an optional X86-only
feature (which probably should be off by default) that depends on XSM to
work properly.

How about this for the help text:

Allows the creation of a dedicated hardware domain distinct from
domain 0 that manages devices without needing access to other
privileged functionality such as the ability to manage domains.
This requires that the actual domain 0 be a stub domain that
constructs the actual hardware domain instead of initializing the
hardware itself.  Because the hardware domain needs access to
hypercalls not available to unprivileged guests, an XSM policy
is required to properly define the privilege of these domains.

This feature does nothing if the "hardware_dom" boot parameter is
not present.  If this feature is being used for security, it should
be combined with an IOMMU in strict mode.

If unsure, say N.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.