[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/4] Add lockdown mode

To: "Kevin Lampis" <kevin.lampis@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: "Teddy Astie" <teddy.astie@xxxxxxxxxx>
Date: Tue, 06 May 2025 16:53:34 +0000
Delivery-date: Tue, 06 May 2025 17:04:13 +0000
Feedback-id: 30504962:30504962.20250506:md
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hello Kevin,

> The intention of lockdown mode is to prevent attacks from a rogue dom0
> userspace from compromising the system.

Do we consider Dom0 kernel-space as well (thus Dom0 as a whole), or only 
userland, what about privcmd device (which can issue hypercalls) ?

Teddy


Teddy Astie | Vates XCP-ng Developer

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech

References:
- [PATCH 0/4] Add lockdown mode
  - From: Kevin Lampis

Prev by Date: [PATCH v2 11/16] xen/riscv: aplic_init() implementation
Next by Date: Re: [PATCH 3/4] Add lockdown mode
Previous by thread: [PATCH 0/4] Add lockdown mode
Next by thread: [PATCH 1/4] lib: Add strcspn function
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.