[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Booting signed xen.efi through shim

To: "Tamas K Lengyel" <tamas@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Fri, 22 Sep 2017 02:25:46 -0600
Cc: "miodownikj@xxxxxxxxxxxx" <miodownikj@xxxxxxxxxxxx>, Daniel Kiper <daniel.kiper@xxxxxxxxxx>, openxt@xxxxxxxxxxxxxxxx, George Dunlap <george.dunlap@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 22 Sep 2017 08:25:53 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 22.09.17 at 00:46, <tamas@xxxxxxxxxxxxx> wrote:
> One piece that I see still missing is the Xen command line parameters
> not being verified. It would be ideal to have the option to get that
> set during compile time as well, similar to Linux's CONFIG_CMDLINE
> option, to avoid for example getting iommu or XSM being turned off by
> someone with physical access.

We do have CMDLINE and CMDLINE_OVERRIDE. But for someone
with physical access it would likely also be possible to avoid secure
boot altogether?

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Daniel Kiper
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Tamas K Lengyel

References:
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Jan Beulich
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Tamas K Lengyel
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Jan Beulich
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Tamas K Lengyel
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Jan Beulich
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Tamas K Lengyel
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Jan Beulich
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Tamas K Lengyel
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Jan Beulich
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Tamas K Lengyel
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Daniel Kiper
- Re: [Xen-devel] Booting signed xen.efi through shim
  - From: Tamas K Lengyel

Prev by Date: [Xen-devel] [PATCH 27/27 v10] xen/arm: vpl011: Correct the logic for asserting/de-asserting SBSA UART TX interrupt
Next by Date: Re: [Xen-devel] [PATCH v8 13/15] xen: make grant resource limits per domain
Previous by thread: Re: [Xen-devel] Booting signed xen.efi through shim
Next by thread: Re: [Xen-devel] Booting signed xen.efi through shim
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.