[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy
- To: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
- Date: Tue, 28 Nov 2017 13:51:37 -0500
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, openxt@xxxxxxxxxxxxxxxx, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
- Delivery-date: Tue, 28 Nov 2017 18:53:12 +0000
- Ironport-phdr: 9a23:mmhD3xMQdI3ZA/hUTmwl6mtUPXoX/o7sNwtQ0KIMzox0K/n7pcbcNUDSrc9gkEXOFd2CrakV26yO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fdbghMhzexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qiqp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzca3HfdMeWGFPQMBfWSJcCY+4docDEfYNMeNeooLgpVUBsAG+CBGxCu3xxD9Ghnz406M03OsuEw7JwAMuEskSsHnWttj5KLseXO63waTO0D7Nb+lW2TD46IXQfB4uu/eMXbNufsrV1EIhGR3KhUiRp4z/JTyazOoNuHWc4uV9WuKglnAoqw5roje13coslonIiZ4VylDD7yl5xp01KseiRE50Zt6kDoJduieHPIV1WsMvW3xktSk1x7EcuZO3YTIGxIooyhLBcfCLbo6F6Q/5WumLOzd3nndldaq6hxa17Eev1PXxVtKx0FZWtipFlcTMtmwV2xzT9MeHTvx981+92TmVzQDT6/xEIVsumarHK58u3r4wlp0JvUTFAiD2g1n5gLWTdkUl/uik8+XnYrP4qZ+AL4J4lw7zP6s0lsG/HOg0KBYCUmeF9eimybHv5Uj5T69Ljv0ynKnZqpfaJcEDq6GkDA9az5gs6xmlDzi8y9kYgXkGI05FeBKAlYTpPUrOL+riAfewhFSsji9nx+raMb35HpXNMn/Dna/9fbln7k5T0hEzwMtD55JXDrEOPvTzWkDxtdPGCh81KRC7w+HiCN9lzIMRRXqPArOFMKPVqVKJ6fwgI++VaIAIpjn9NeYq5/r1gH89mF8dZrWp3YANZHG3APtmJV2ZYWDrgtcDD2gFohY+QPbtiF2YXj5Zf2yyUL4k5jEnFIKmCp/ORoSzj7yH0ye6HoNZZmRaCl2XC3jodoOEW/kLaCKJPMBujiYIWqSmS48kzRuurhP1y6J7LurI/S0VrYjs1N5o6O3Jix4z+yZ4ANia02GKV2F7gHkISjEt0a9joEx91k2D0al3gvBCCdNT4PZJWB8gNZHA1+x6F8zyWgXZc9mIVlmmRc+mAT4vQd4rzdEOfkB9G9G4gRDbxCelHaIVm6aXC5w17qLcxXnxJslnx3na06khikEsQtFTOm2+mq5/6w/TCpbIk0qDkaamb6Yc0zTR+2eA1mqOu0dYXRVuXqXYR3wQekrWrcjj5kPDQL6iE6goMgxEycSaMKtFdsXpjUlaRPfkINneYXm+lHmtBRaMx7ODcIrqdn4G3CXAE0gLjRof8mqBNQg7Hi2huX7RDCRyFVLzZEPh6ep+qHS9Tk8u1Q6Fcldt1rS0+h4RhvyRUPQT3qgetyg9rzV7Akyx0M7RC9qFvwBhZrlTYcsh4Fdb0mLUrxd9Poe8L694nVERbQB3v0fv1xVxC4VNissqo20wzAp0N62Y1ElNdzSC3ZD/IrfXMHX9/Aiza67K3VHTyMqW+qYK6PkjpFTsogepGlAl83V93Nlfy2Gc6YnSDAoOTZLxVV469hZkqLHbeCU944LU1WByPaSvrjDC2s4pBPEkyhevZdtQLKSEFArqGc0AG8euMPAqm0Subh8cO+BS7LA7P8Wpdvuaw6OrM+FgnDWpjWRD/o993ViM9y1hSu7QxJYJ2e2X3gyCV2S0sFD0jsnykJsMRnk2E2yw2CXgTNpNb6h7Zq4XCmOjJcKmy9E4jJnoDToQ5FOlQl8LxsKtUR6TdEDmmx1d01wNpn6qkjf+yCZ7wB8zqa/K8CXIwunmPDYKckFRTWBsxQPgLoS5gMoTdFS5ZAgu0h2+7AD1wLYN9/c3FHXaXUodJ3u+FGplSKbl8+PYO8M=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11/28/2017 01:06 PM, Tamas K Lengyel wrote:
From: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
Currently the built-in XSM policy only gets used if there is no other policy
specified during boot. In this patch we add a Kconfig option to specify to only
use built-in policy during boot. This is particularly important when booting
Xen through the shim to ensure the XSM policy gets measured and that it can't
be replaced by another unmeasured policy by the bootloader. Note that the XSM
policy can still be updated after boot (from dom0 for example) if the built-in
policy allows it.
Signed-off-by: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
