[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] SUPPORT.md: add Dom0less as Supported

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Julien Grall <julien@xxxxxxx>
Date: Wed, 14 Jul 2021 19:01:48 +0100
Cc: andrew.cooper3@xxxxxxxxxx, george.dunlap@xxxxxxxxxx, jbeulich@xxxxxxxx, iwj@xxxxxxxxxxxxxx, wl@xxxxxxx
Delivery-date: Wed, 14 Jul 2021 18:02:06 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Stefano,

On 14/07/2021 01:39, Stefano Stabellini wrote:

Add Dom0less to SUPPORT.md to clarify its support status. The feature is
mature enough and small enough to make it security supported.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>

diff --git a/SUPPORT.md b/SUPPORT.md
index 317392d8f3..c777f3da72 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -832,6 +832,12 @@ OVMF firmware implements the UEFI boot protocol.

Status, qemu-xen: Supported+## Dom0less

+
+Guest creation from the hypervisor at boot without Dom0 intervention.
+
+    Status, ARM: Supported
+

After XSA-372, we will not scrubbed memory assigned to dom0less DomUwhen bootscrub=on. Do we want to exclude this combination or mentionthat XSAs will not be issued if the domU can read secret from unscrubbedmemory?


Cheers,

--
Julien Grall

Follow-Ups:
- Re: [PATCH] SUPPORT.md: add Dom0less as Supported
  - From: Stefano Stabellini

References:
- [PATCH] SUPPORT.md: add Dom0less as Supported
  - From: Stefano Stabellini

Prev by Date: Re: [PATCH v2] tools/libxc: use uint32_t for pirq in xc_domain_irq_permission
Next by Date: Re: [PATCH v2 13/13] SUPPORT.md: write down restriction of 32-bit tool stacks
Previous by thread: [PATCH] SUPPORT.md: add Dom0less as Supported
Next by thread: Re: [PATCH] SUPPORT.md: add Dom0less as Supported
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.