Re: [PATCH] SUPPORT.md: add Dom0less as Supported
On Wed, 14 Jul 2021, Julien Grall wrote:
> Hi Stefano,
>
> On 14/07/2021 01:39, Stefano Stabellini wrote:
> > Add Dom0less to SUPPORT.md to clarify its support status. The feature is
> > mature enough and small enough to make it security supported.
> >
> > Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
> >
> > diff --git a/SUPPORT.md b/SUPPORT.md > > index 317392d8f3..c777f3da72 100644 > > --- a/SUPPORT.md > > +++ b/SUPPORT.md > > @@ -832,6 +832,12 @@ OVMF firmware implements the UEFI boot protocol. > > Status, qemu-xen: Supported > > +## Dom0less > > + > > +Guest creation from the hypervisor at boot without Dom0 intervention. > > + > > + Status, ARM: Supported > > +
>
> After XSA-372, we will not scrubbed memory assigned to dom0less DomU when
> bootscrub=on.

Do you mean *before* XSA-372, right? I thought the XSA-372 patches take
care of the problem?

> Do we want to exclude this combination or mention that XSAs will
> not be issued if the domU can read secret from unscrubbed memory?

I could say that if bootscrub=off then we won't issue XSAs for domUs
reading secrets from unscrubbed memory. But it is kind of obvious anyway?
I am happy to add it if you think it is good to clarify.
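Review bot: the new `## Dom0less` entry gives a bare `Status, ARM: Supported` with no conditions, so the scope of security support is left for the reader to infer. The thread under this patch raises the case of a dom0less DomU reading secrets from unscrubbed memory; add a sentence to the entry stating whether that case is covered, for example that XSAs will not be issued for it when bootscrub=off. Also confirm the placement, since the hunk context shows the section landing directly after the OVMF firmware entry.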