[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] SUPPORT.md: add Dom0less as Supported

Hi Stefano,

On 15/07/2021 00:48, Stefano Stabellini wrote:

Add Dom0less to SUPPORT.md to clarify its support status. The feature is
mature enough and small enough to make it security supported.
I would suggest to explain the restriction in the commit message (and give a link to XSA-372 commit). 


Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
---
Changes in v2:
- clarify memory scrubbing
---
  SUPPORT.md | 9 +++++++++
  1 file changed, 9 insertions(+)

diff --git a/SUPPORT.md b/SUPPORT.md
index 317392d8f3..524cab9c8d 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -832,6 +832,15 @@ OVMF firmware implements the UEFI boot protocol.
Status, qemu-xen: Supported +## Dom0less 
+
+Guest creation from the hypervisor at boot without Dom0 intervention.
+
+    Status, ARM: Supported
+
+Memory of dom0less DomUs is not scrubbed at boot (even with
+bootscrub=on); no XSAs will be issues due to unscrubbed memory.
The memory will not be scrubbed for bootscrub=on and bootscrub=off. However, it should be scrubbed for bootscrub=idle (the default). 

Cheers,

--
Julien Grall

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.