Re: [Xen-devel] [PATCH v1 6/6] xsm: add tee access policy support
Hello Daniel,

On 23.08.18 01:44, DeGraaf, Daniel G wrote:
> From: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
> Sent: Wednesday, August 22, 2018 10:12 AM
>> As we don't want any guest to access limited resources of TEE,
>> we need a way to control who can work with it.
>>
>> Thus, new access vector class "tee" is added with only one
>> operation "call" so far. tee framework uses this to check
>> if guest has a right to work with TEE.
>>
>> Also, example security context domU_with_tee_t was added.
>
> Are you planning to add more access vectors to this class in the future?
> Otherwise, it probably doesn't need its own class - since you use xen_t
> as the target, placing it in class xen/xen2 is preferred (like tmem and
> others are now).

At the moment I can't imagine any other vectors. Reason I created a new
class is that it seemed wrong to me to use generic xen/xen2 class, because,
strictly speaking, this vector has nothing to do with xen core.

But, if you think that it is appropriate to have vector "tee_call" in
xen2 class, then I can move it there.

--
Volodymyr Babchuk

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel