Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy
On 28/11/17 18:06, Tamas K Lengyel wrote: > From: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx> > > Currently the built-in XSM policy only gets used if there is no other policy > specified during boot. In this patch we add a Kconfig option to specify to > only > use built-in policy during boot. This is particularly important when booting > Xen through the shim to ensure the XSM policy gets measured and that it can't > be replaced by another unmeasured policy by the bootloader. Note that the XSM > policy can still be updated after boot (from dom0 for example) if the built-in > policy allows it. > > Signed-off-by: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx> > --- > Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx> > Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> > Cc: Jan Beulich <jbeulich@xxxxxxxx> > Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> > Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx> > Cc: Tim Deegan <tim@xxxxxxx> > Cc: Wei Liu <wei.liu2@xxxxxxxxxx> > Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > Cc: openxt@xxxxxxxxxxxxxxxx > --- > xen/common/Kconfig | 14 ++++++++++++++ > xen/xsm/xsm_core.c | 2 ++ > 2 files changed, 16 insertions(+) > > diff --git a/xen/common/Kconfig b/xen/common/Kconfig > index 103ef44cb5..5ad0d03f37 100644 > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig 
> @@ -140,6 +140,20 @@ config XSM_POLICY > > If unsure, say Y. > > +config XSM_POLICY_OVERRIDE > + bool "Built-in security policy overrides bootloader provided policy" The overall change certainly looks good and it is obvious why it is a benefit. However, text/functionality like this is cognitively hard to follow, and _OVERRIDE isn't obviously as to its functionality at a glance. Wouldn't it be better to have XSM_BOOTLOADER_POLICY (or possibly XSM_ALLOW_?), which defaults to y, and can be forced off for extra security? ~Andrew > + default n > + depends on XSM && XSM_POLICY > + ---help--- > + Set this option to 'Y' to have the hypervisor ignore the security > + policy provided by the bootloader, and use ONLY the built-in > + security policy. > + > + This can be used to ensure only verified security policies are > + loaded during boot time. > + > + If unsure, say N. > + > config LATE_HWDOM > bool "Dedicated hardware domain" > default n > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
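Review bot: The help text in the XSM_POLICY_OVERRIDE hunk overstates what the option does: "ensure only verified security policies are loaded during boot time" reads as if the hypervisor validates a policy, whereas the option only makes the built-in policy take precedence over whatever the bootloader supplied. Suggest wording it as the property it actually gives, e.g. "Use only the security policy compiled into the hypervisor, so the policy in effect at boot is the one measured together with the hypervisor image, regardless of any policy module the bootloader provides", and add a sentence saying what happens to a bootloader-provided policy module when this is enabled (it is ignored; a boot-time message to that effect would help an operator who forgot the option is on). The ordering "default n" before "depends on" also differs from the surrounding entries in this file, where depends on comes first.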