From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christoph Egger Subject: Re: [PATCH 04/17] vmx: nest: domain and vcpu flags Date: Thu, 20 May 2010 16:06:35 +0200 Message-ID: <201005201606.35375.Christoph.Egger@amd.com> References: <1271929289-18572-1-git-send-email-qing.he@intel.com> <20100520105529.GN4164@whitby.uk.xensource.com> <20100520125341.GA21374@qhe2-db> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20100520125341.GA21374@qhe2-db> Content-Disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com Cc: Tim Deegan , Qing He List-Id: xen-devel@lists.xenproject.org On Thursday 20 May 2010 14:53:41 Qing He wrote: > On Thu, 2010-05-20 at 18:55 +0800, Tim Deegan wrote: > > At 10:54 +0100 on 20 May (1274352874), Qing He wrote: > > > But I still put this flags here because there have been some people > > > expressing security concerns, that in some situations, hardware > > > virtualization needs to be explicitly disabled to avoid stealth VMM. > > > > I understand that people might want to disable nested HVM, and it's fine > > to do that in the domain builder; I just don't think that domcrf is te > > right Xen interface. Christoph's use of HVM_PARAM sounds right to me. > > OK, I'll change to HVM_PARAM solution. Do you really want to do duplicate work ? IMO, it is better to adapt my patch. Christoph -- ---to satisfy European Law for business letters: Advanced Micro Devices GmbH Einsteinring 24, 85609 Dornach b. Muenchen Geschaeftsfuehrer: Andrew Bowd, Thomas M. McCoy, Giuliano Meroni Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen Registergericht Muenchen, HRB Nr. 43632