From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien Grall <julien.grall@linaro.org>
Subject: Re: [PATCH] xsm/flask: Handle policy load failures
	properly
Date: Fri, 27 Feb 2015 14:03:26 +0000
Message-ID: <54F0792E.6060503@linaro.org>
References: <1424707899-18101-1-git-send-email-dgdegra@tycho.nsa.gov>			
	<20150223164823.GD20083@zion.uk.xensource.com>			
	<54EB6930.2040703@tycho.nsa.gov>
	<1424767648.32223.3.camel@citrix.com>		
	<54EC44FA.2090005@linaro.org>
	<1424770748.27930.266.camel@citrix.com>	
	<54EC4999.6000505@linaro.org>
	<1424773294.27930.296.camel@citrix.com>
	<54EC9E94.1050105@tycho.nsa.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <julien.grall@linaro.org>) id 1YRLWF-0000Gq-C9
	for xen-devel@lists.xenproject.org; Fri, 27 Feb 2015 14:03:55 +0000
Received: by wesu56 with SMTP id u56so20576939wes.10
	for <xen-devel@lists.xenproject.org>;
	Fri, 27 Feb 2015 06:03:53 -0800 (PST)
In-Reply-To: <54EC9E94.1050105@tycho.nsa.gov>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>, Ian Campbell <ian.campbell@citrix.com>
Cc: xen-devel@lists.xenproject.org, Wei Liu <wei.liu2@citrix.com>
List-Id: xen-devel@lists.xenproject.org

Hi Daniel,

On 24/02/15 15:53, Daniel De Graaf wrote:
> This seems a reasonable solution if we don't want to change how the boot
> parameters are set up.
> 
> Another alternative would be to change flask_enforcing/flask_enabled to
> a single "flask=" parameter with options:
>  disabled - revert to dummy (no XSM) policy, same as flask_enabled=0
>  develop/permissive - a missing or broken policy does not panic
>  enforce/enforcing/force - require policy to be loaded at boot time
>  late/load - bootloader policy is not used; later loadpolicy is enforcing
> 
> The default would be "permissive" as in the existing hypervisor.  This
> would be more flexible, but I'm not sure it is worth breaking existing
> command lines and changing documentation to implement.

This look a good solution, having flask_enforcing without flask_enable
doesn't make much sense.

Although I don't know what is the policy about xen parameters. Maybe Ian
or Jan have an idea about it.

Regards,

-- 
Julien Grall