From mboxrd@z Thu Jan  1 00:00:00 1970
From: Doug Goldstein <cardoe@cardoe.com>
Subject: Re: [PATCH 2/2] xen: convert XSM_ENABLE to Kconfig
Date: Mon, 4 Jan 2016 14:33:30 -0600
Message-ID: <568AD71A.8000105@cardoe.com>
References: <1450759603-24249-1-git-send-email-cardoe@cardoe.com>
	<1450819607-3763-1-git-send-email-cardoe@cardoe.com>
	<1450819607-3763-2-git-send-email-cardoe@cardoe.com>
	<568ACF88.1060607@tycho.nsa.gov>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1416266488532912142=="
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <568ACF88.1060607@tycho.nsa.gov>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>, xen-devel@lists.xen.org
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Keir Fraser <keir@xen.org>, Jan Beulich <jbeulich@suse.com>
List-Id: xen-devel@lists.xenproject.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1416266488532912142==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="6kgVp2MadPhc9xEleQjmsfA4U3PmqHBWg"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--6kgVp2MadPhc9xEleQjmsfA4U3PmqHBWg
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 1/4/16 2:01 PM, Daniel De Graaf wrote:
> On 22/12/15 16:26, Doug Goldstein wrote:
>> Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM
>> within Kconfig. This also re-adds the dependency of CONFIG_FLASK on
>> CONFIG_XSM.
>>
>> CC: Keir Fraser <keir@xen.org>
>> CC: Jan Beulich <jbeulich@suse.com>
>> CC: Andrew Cooper <andrew.cooper3@citrix.com>
>> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
>=20
> The dependencies for LATE_HWDOM are backwards: it is an optional X86-on=
ly
> feature (which probably should be off by default) that depends on XSM t=
o
> work properly.

Currently its always enabled if XSM_ENABLE is set. But if you are
comfortable I'll tweak the patch to make this adjustable. Are you ok
keeping your Ack-by as well?

>=20
> How about this for the help text:
>=20
> Allows the creation of a dedicated hardware domain distinct from
> domain 0 that manages devices without needing access to other
> privileged functionality such as the ability to manage domains.
> This requires that the actual domain 0 be a stub domain that
> constructs the actual hardware domain instead of initializing the
> hardware itself.  Because the hardware domain needs access to
> hypercalls not available to unprivileged guests, an XSM policy
> is required to properly define the privilege of these domains.
>=20
> This feature does nothing if the "hardware_dom" boot parameter is
> not present.  If this feature is being used for security, it should
> be combined with an IOMMU in strict mode.
>=20
> If unsure, say N.

Perfect! This is what I'm looking for from the various maintainers to
help improve the documentation of different flags.

--=20
Doug Goldstein


--6kgVp2MadPhc9xEleQjmsfA4U3PmqHBWg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0

iQJ8BAEBCgBmBQJWitccXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNTM5MEQ2RTNFMTkyNzlCNzVDMzIwOTVB
MkJDMDNEQzg3RUQxQkQ0AAoJEKK8A9yH7RvUgAMP/0sTFdEkputaMJ+KYi2LTsFg
4y/wEvDqfbeKRyDbl3Q1tUnZgn/SXjiSlG7Y1s9aNg4YlugDxyFL4mlwFDsjiCpI
XtLyxOql1afLRaZe7hf1Y9nmu8HsayBESZuSzBA6M2lfJDzxLBD91daNvEiToyXO
A+CpAu6R/CfTVjIz6Y2a1bvDZ03nyTVNHxnS+MbuOnP5IzJLGwPGMEqj7oPvDqeQ
hIeM0mfk9WFB26BIlUk/EvRAKpNFhTWiBihZzJryLp+WZLbBix1dIrmUx6Acw/9j
fgFpc1I3YGWY2Nt91SsEzFMD3IZpGYSrZRjWdWlj+5flOkiLD/njqzYD8b50PmRa
K0fNVpMLrmR2KNXlqRkBV/ktxN8D2XSBdZyoSRrvDEPaT2g8L4KS3zP53AAAg6c7
dutZ6aFhPCzGrkkNHhN9cKUpcYEOm43kGFiRr8SW/stew4YMFjjk9EP1FopCFLtN
QKdBanBpt4YZAPd1ioFtpqgql8vPh2NbjCLzgYpspBa3Bgz4VGwnWfZG5d8PGvlX
ZWpmxTQipX1xfrHe/pF8Tv8s4LqduA8GO7X8TjWmaMTceZd5b2kfx34Vx5x769zz
gBr76sltpDebgDLJlsVfQD12TKe6ilSC4ebQc6XIKAz47MsSSo7zb1zCZjH4KerX
7mNeIigkZ7AI6w2I1RjK
=ArcT
-----END PGP SIGNATURE-----

--6kgVp2MadPhc9xEleQjmsfA4U3PmqHBWg--


--===============1416266488532912142==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============1416266488532912142==--