[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

From: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>

Currently the built-in XSM policy only gets used if there is no other policy
specified during boot. In this patch we add a Kconfig option to specify to only
use built-in policy during boot. This is particularly important when booting
Xen through the shim to ensure the XSM policy gets measured and that it can't
be replaced by another unmeasured policy by the bootloader. Note that the XSM
policy can still be updated after boot (from dom0 for example) if the built-in
policy allows it.

Signed-off-by: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
---
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Cc: Tim Deegan <tim@xxxxxxx>
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>
Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Cc: openxt@xxxxxxxxxxxxxxxx
---
 xen/common/Kconfig | 14 ++++++++++++++
 xen/xsm/xsm_core.c |  2 ++
 2 files changed, 16 insertions(+)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 103ef44cb5..5ad0d03f37 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -140,6 +140,20 @@ config XSM_POLICY
 
          If unsure, say Y.
 
+config XSM_POLICY_OVERRIDE
+       bool "Built-in security policy overrides bootloader provided policy"
+       default n
+       depends on XSM && XSM_POLICY
+       ---help---
+         Set this option to 'Y' to have the hypervisor ignore the security
+         policy provided by the bootloader, and use ONLY the built-in
+         security policy.
+
+         This can be used to ensure only verified security policies are
+         loaded during boot time.
+
+         If unsure, say N.
+
 config LATE_HWDOM
        bool "Dedicated hardware domain"
        default n
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 08994ee7a1..2d5c1d3fec 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -39,7 +39,9 @@ static inline int verify(struct xsm_operations *ops)
 static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
 {
 #ifdef CONFIG_XSM_POLICY
+#ifndef CONFIG_XSM_POLICY_OVERRIDE
     if ( policy_size == 0 )
+#endif
     {
         policy_buffer = xsm_init_policy;
         policy_size = xsm_init_policy_size;
-- 
2.14.2


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.