From: Jan Beulich <jbeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Julien Grall <julien@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>,
Daniel Smith <dpsmith@apertussolutions.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH] SUPPORT.md: split XSM from Flask
Date: Tue, 30 Jul 2024 14:58:03 +0200 [thread overview]
Message-ID: <220ebc7e-36eb-40af-9fa0-133bb458dfd5@suse.com> (raw)
In-Reply-To: <ef4b21d8-a5a9-4d24-bf18-908b5ee067db@citrix.com>
On 30.07.2024 14:35, Andrew Cooper wrote:
> On 30/07/2024 11:57 am, Jan Beulich wrote:
>> XSM is a generic framework, which in particular is also used by SILO.
>> With this it can't really be experimental: Arm enables SILO by default.
>
> It's stronger than this.
>
> XSA-295 makes SILO the only security supported configuration for ARM.
Okay, switched to "Arm mandates SILO for having a security supported
configuration."
>> --- a/SUPPORT.md
>> +++ b/SUPPORT.md
>> @@ -768,13 +768,20 @@ Compile time disabled for ARM by default
>>
>> Status, x86: Supported, not security supported
>>
>> -### XSM & FLASK
>> +### XSM
>> +
>> + Status: Supported
>> +
>> +See below for use with FLASK and SILO. The dummy implementation is covered here
>> +as well.
>
> This feels weird, although I can't suggest a better option.
>
> XSM isn't optional; it can't be compiled out,
How can it not be? There's an "XSM" Kconfig control.
> nor can the dummy policy,
In a way. Yet how the dummy policy is instantiated is quite different
between XSM=y and XSM=n.
> so it's weird to call out what literally cannot have a statement
> different to the rest of Xen.
>
> Combined with ...
>
>> +
>> +### XSM + FLASK
>
> ... this wanting to say "Flask (XSM module/policy)" IMO, maybe what we
> really want is:
>
> ---%<---
> ### XSM (Xen Security Modules)
>
> Base XSM is a security policy framework used in Xen. The dummy policy
> implements a basic "dom0 all powerful, domUs all unprivileged" policy".
> ---%<---
>
> intentionally without giving a Status.
As per above, imo XSM=y wants security status named. That's, after all,
part of what was missing / ambiguous so far.
> Then, the two blocks below are clearly alternative modules which have
> optionality and different support statuses.
I'll change the wording there some, to be closer to what you and also
Daniel ask for.
Jan
next prev parent reply other threads:[~2024-07-30 12:58 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-30 10:57 [PATCH] SUPPORT.md: split XSM from Flask Jan Beulich
2024-07-30 11:37 ` Daniel Smith
2024-07-30 12:04 ` Jan Beulich
2024-07-30 12:31 ` Daniel Smith
2024-07-30 12:51 ` Jan Beulich
2024-07-30 12:35 ` Andrew Cooper
2024-07-30 12:58 ` Jan Beulich [this message]
2024-07-30 13:04 ` Daniel Smith
2024-07-30 14:32 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=220ebc7e-36eb-40af-9fa0-133bb458dfd5@suse.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=dpsmith@apertussolutions.com \
--cc=julien@xen.org \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.