[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
Date: Tue, 28 Nov 2017 12:04:56 -0700
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, openxt <openxt@xxxxxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Delivery-date: Tue, 28 Nov 2017 19:05:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Nov 28, 2017 at 12:00 PM, Andrew Cooper
<andrew.cooper3@xxxxxxxxxx> wrote:
> On 28/11/17 18:06, Tamas K Lengyel wrote:
>> From: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
>>
>> Currently the built-in XSM policy only gets used if there is no other policy
>> specified during boot. In this patch we add a Kconfig option to specify to 
>> only
>> use built-in policy during boot. This is particularly important when booting
>> Xen through the shim to ensure the XSM policy gets measured and that it can't
>> be replaced by another unmeasured policy by the bootloader. Note that the XSM
>> policy can still be updated after boot (from dom0 for example) if the 
>> built-in
>> policy allows it.
>>
>> Signed-off-by: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
>> ---
>> Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
>> Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
>> Cc: Jan Beulich <jbeulich@xxxxxxxx>
>> Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
>> Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>
>> Cc: Tim Deegan <tim@xxxxxxx>
>> Cc: Wei Liu <wei.liu2@xxxxxxxxxx>
>> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
>> Cc: openxt@xxxxxxxxxxxxxxxx
>> ---
>>  xen/common/Kconfig | 14 ++++++++++++++
>>  xen/xsm/xsm_core.c |  2 ++
>>  2 files changed, 16 insertions(+)
>>
>> diff --git a/xen/common/Kconfig b/xen/common/Kconfig
>> index 103ef44cb5..5ad0d03f37 100644
>> --- a/xen/common/Kconfig
>> +++ b/xen/common/Kconfig
>> @@ -140,6 +140,20 @@ config XSM_POLICY
>>
>>         If unsure, say Y.
>>
>> +config XSM_POLICY_OVERRIDE
>> +     bool "Built-in security policy overrides bootloader provided policy"
>
> The overall change certainly looks good and it is obvious why it is a
> benefit.  However, text/functionality like this is cognitively hard to
> follow, and _OVERRIDE isn't obviously as to its functionality at a glance.
>
> Wouldn't it be better to have XSM_BOOTLOADER_POLICY (or possibly
> XSM_ALLOW_?), which defaults to y, and can be forced off for extra security?
>

I'm certainly open to alternate naming suggestions. The current one is
based on an existing option that implements a similar feature with
this naming (CMDLINE_OVERRIDE), while the XSM_POLICY part is from the
existing XSM_POLICY option.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy
  - From: George Dunlap

References:
- [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy
  - From: Tamas K Lengyel
- Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH] xen/arm: domain_builder: irq sanity check logic fix
Next by Date: [Xen-devel] Commit moratorium for branching Xen 4.10
Previous by thread: Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy
Next by thread: Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.