[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/4] Disallow most command-line options when lockdown mode is enabled

To: Teddy Astie <teddy.astie@xxxxxxxxxx>
From: Kevin Lampis <kevin.lampis@xxxxxxxxx>
Date: Mon, 12 May 2025 20:55:27 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 12 May 2025 19:55:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, May 12, 2025 at 12:48 PM Teddy Astie <teddy.astie@xxxxxxxxxx> wrote:
>
>What makes max_cstate / dom0-max-vcpus / dom0-mem specifically unsafe ?

These arguments are all allowed. The *_secure_param macros mean the argument is
safe for lockdown mode.

Making PCI passthrough safe for secure boot will be handled in a
different patch.

References:
- [PATCH 0/4] Add lockdown mode
  - From: Kevin Lampis
- [PATCH 4/4] Disallow most command-line options when lockdown mode is enabled
  - From: Kevin Lampis
- Re: [PATCH 4/4] Disallow most command-line options when lockdown mode is enabled
  - From: Teddy Astie

Prev by Date: Re: [PATCH 0/4] Add lockdown mode
Next by Date: Re: [PATCH v2 5/6] xen/arm: exclude xen,reg from domU extended regions
Previous by thread: Re: [PATCH 4/4] Disallow most command-line options when lockdown mode is enabled
Next by thread: Re: [PATCH 0/4] Add lockdown mode
Index(es):
- Date
- Thread

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.