Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy
On Tue, Nov 28, 2017 at 12:00 PM, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> On 28/11/17 18:06, Tamas K Lengyel wrote:
>> From: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
>>
>> Currently the built-in XSM policy only gets used if there is no other policy
>> specified during boot. In this patch we add a Kconfig option to specify to only
>> use built-in policy during boot. This is particularly important when booting
>> Xen through the shim to ensure the XSM policy gets measured and that it can't
>> be replaced by another unmeasured policy by the bootloader. Note that the XSM
>> policy can still be updated after boot (from dom0 for example) if the built-in
>> policy allows it.
>>
>> Signed-off-by: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
>> ---
>> Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
>> Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
>> Cc: Jan Beulich <jbeulich@xxxxxxxx>
>> Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
>> Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>
>> Cc: Tim Deegan <tim@xxxxxxx>
>> Cc: Wei Liu <wei.liu2@xxxxxxxxxx>
>> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
>> Cc: openxt@xxxxxxxxxxxxxxxx
>> ---
>> xen/common/Kconfig | 14 ++++++++++++++
>> xen/xsm/xsm_core.c | 2 ++
>> 2 files changed, 16 insertions(+)
>>
>> diff --git a/xen/common/Kconfig b/xen/common/Kconfig
>> index 103ef44cb5..5ad0d03f37 100644
>> --- a/xen/common/Kconfig
>> +++ b/xen/common/Kconfig
>> @@ -140,6 +140,20 @@ config XSM_POLICY
>>
>> If unsure, say Y.
>>
>> +config XSM_POLICY_OVERRIDE
>> + bool "Built-in security policy overrides bootloader provided policy"
>
> The overall change certainly looks good and it is obvious why it is a
> benefit. However, text/functionality like this is cognitively hard to
> follow, and _OVERRIDE isn't obvious as to its functionality at a glance.
>
> Wouldn't it be better to have XSM_BOOTLOADER_POLICY (or possibly
> XSM_ALLOW_?), which defaults to y, and can be forced off for extra security?

I'm certainly open to alternate naming suggestions. The current one is based on an existing option that implements a similar feature with this naming (CMDLINE_OVERRIDE), while the XSM_POLICY part is from the existing XSM_POLICY option.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
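Review bot: the quoted Kconfig hunk stops after the `bool` prompt line, so the remaining lines of the 14-line insertion (the hunk header reads `@@ -140,6 +140,20 @@`) are not visible here, and neither is any `depends on XSM_POLICY`, `default` or help text. Since the new option has no meaning without a built-in policy, the full entry should depend on XSM_POLICY, default to n so existing configurations keep honouring a bootloader-supplied policy, and carry help text stating plainly that, when set, a policy module passed by the bootloader is ignored in favour of the built-in one; the xsm_core.c side should log that decision at boot so an operator can tell which policy was actually loaded.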