From mboxrd@z Thu Jan  1 00:00:00 1970
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [Hackathon 16] Notes from Security Session
Date: Mon, 25 Apr 2016 15:51:00 -0400
Message-ID: <571E7524.8070005@tycho.nsa.gov>
References: <D1126319-377D-4939-ADE8-4335ACAE9200@gmail.com>
 <5715F43E.7090503@cardoe.com> <5715F640.1070206@citrix.com>
 <20160425183229.GB13411@char.us.oracle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta6.messagelabs.com ([85.158.143.247])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <dgdegra@tycho.nsa.gov>) id 1aumXM-00047F-Hb
 for xen-devel@lists.xenproject.org; Mon, 25 Apr 2016 19:51:16 +0000
In-Reply-To: <20160425183229.GB13411@char.us.oracle.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>, Andrew Cooper <andrew.cooper3@citrix.com>
Cc: James McKenzie <james.mckenzie@bromium.com>, sstabellini@kernel.org, Wei Liu <wei.liu2@citrix.com>, Lars Kurth <lars.kurth.xen@gmail.com>, openxt@googlegroups.com, Doug Goldstein <cardoe@cardoe.com>, George Dunlap <george.dunlap@citrix.com>, Ross Philipson <philipsonr@ainfosec.com>, Rich Persaud <persaur@gmail.com>, Jan Beulich <jbeulich@suse.com>, Anthony PERARD <anthony.perard@citrix.com>, Xen-devel <xen-devel@lists.xenproject.org>
List-Id: xen-devel@lists.xenproject.org

T24gMDQvMjUvMjAxNiAwMjozMiBQTSwgS29ucmFkIFJ6ZXN6dXRlayBXaWxrIHdyb3RlOgo+IE9u
IFR1ZSwgQXByIDE5LCAyMDE2IGF0IDEwOjExOjI4QU0gKzAxMDAsIEFuZHJldyBDb29wZXIgd3Jv
dGU6Cj4+IE9uIDE5LzA0LzE2IDEwOjAyLCBEb3VnIEdvbGRzdGVpbiB3cm90ZToKPj4+IE9uIDQv
MTgvMTYgMTI6MjAgUE0sIExhcnMgS3VydGggd3JvdGU6Cj4+Pj4gSGkgYWxsLAo+Cj4gQ0MtaW5n
IFhTTSBtYWludGFpbmVyIDotKQoKVGhhbmtzLiBJJ20gZ29pbmcgdG8gY29tbWVudCBvbiB0aGlz
IGFuZCB0aGUgd2lraS4KClsuLi5dCj4+Pj4gPT09IEVuYWJsaW5nIFhTTSBCeSBkZWZhdWx0ID09
PQo+Pj4+IEFuZHJldzogVGhlcmUgYXJlIHNvbWUgaXNzdWVzIHdoaWNoIHdlIG5lZWQgdG8gd29y
ayB0aHJvdWdoOyBhIGxvdCBvZiBsaXR0bGUgcGFwZXIgY3V0cwo+Pj4+IFJpY2g6IENvdWxkIHdl
IGNyZWF0ZSBhIGxpc3Qgb2YgaXNzdWVzIG9uIHRoZSB3aWtpPwo+Pj4+IExhcnM6IERlZmluaXRl
bHkKPj4+PiBEb3VnOiBDb3VsZCB3ZSBub3QgaGF2ZSBhIHBvbGljeSB3aGljaCBpcyBlcXVpdmFs
ZW50IHRvIFhTTSBiZWluZyBjb21waWxlZCBvdXQKPj4+PiBBbmRyZXc6IENvdWxkIG1ha2UgcG9s
aWN5IG1vcmUgbW9kdWxhciBpbnN0ZWFkIG9mIG9uZSBiaWcgZ2xvYmFsIHBvbGljeQo+Pj4+Cj4+
Pj4gUmUtYXBwbHkgcG9saWN5IG9mIGd1ZXN0IGFmdGVyIHJ1bm5pbmcKPj4+Pgo+Pj4+IEFDVElP
TjogTmVlZCBhIHdpa2kgcGFnZSwgS29ucmFkIGNhbiBzdGFydCBvbmUgYW5kIHdlIGNhbiBjb2xs
YWJvcmF0aXZlbHkgZmxlc2ggaXQgb3V0Cj4+Pj4gTGFyczogU2VlIGh0dHA6Ly93aWtpLnhlbnBy
b2plY3Qub3JnL3dpa2kvWFNNQXNEZWZhdWx0X1RPRE9fTGlzdAo+Pj4+Cj4+Pj4gQUNUSU9OOiBL
b25yYWQgYW5kIG90aGVycyB0byBhZGQgZGV0YWlsIHRvIGl0Cj4+Pj4KPj4+Pgo+Pj4gSXQgd2Fz
IHBvaW50ZWQgb3V0IHRvIG1lIHRoYXQgSSBkaWQgbm90IGdldCBteSBjb21tZW50cyBhYm91dCBY
U00gYWNyb3NzCj4+PiBjbGVhcmx5LiBJIGJlbGlldmUgd2UgbmVlZCB0byBpbXByb3ZlIHRoZSBk
ZWZhdWx0IHBvbGljeSB0byBiZQo+Pj4gZXF1aXZhbGVudCB0byBkaXNhYmxpbmcgWFNNIGFuZC9v
ciBjcmVhdGUgYSBwb2xpY3kgY2FsbGVkICJkdW1teSIgdGhhdAo+Pj4gaXMgdGhlIHNhbWUgYXMg
WFNNIGRpc2FibGVkLiBUbyBtYWtlIFhTTSB1c2FnZSBtb3JlIHNtb290aCBJIHByb3Bvc2Ugd2UK
Pj4+IGJha2UgdGhlIGRlZmF1bHQgcG9saWN5IGludG8gLmluaXRkYXRhIHNvIHRoYXQgd2hlbiB5
b3UgYm9vdCBYZW4KPj4+IGNvbXBpbGVkIHdpdGggWFNNIHlvdSBhcmUgbm8gd29yc2Ugb2ZmIHRo
YW4gY29tcGlsaW5nIFhTTSBvdXQuCj4+Pgo+Pj4gVGhlIHJhdGlvbmFsZSBoZXJlIGlzIHRoYXQg
cHJpb3IgdG8gYSByZWNlbnQgY29tbWl0IHdoZW4geW91IGNvbXBpbGVkCj4+PiBYZW4gd2l0aCBY
U00gZW5hYmxlZCBidXQgZGlkIG5vdCBwcm92aWRlIGEgZGVmYXVsdCBwb2xpY3kgdGhlbiBhbnkg
ZG9tVXMKPj4+IHRoYXQgeW91IHJhbiBoYWQgYXMgbXVjaCBhY2Nlc3MgYXMgZG9tMC4gVGhlIHJl
Y2VudCBjb21taXQgY2hhbmdlZCBpdCBzbwo+Pj4gdGhhdCBYZW4gYnkgZGVmYXVsdCBkb2VzIG5v
dCBib290IHdpdGhvdXQgYSBwb2xpY3kuCj4+Pgo+Pj4gV2l0aCBteSBwcm9wb3NlZCBjaGFuZ2Ug
d2Ugd291bGQgaGF2ZSAiZHVtbXkiIHRoYXQgd291bGQgY29tcGlsZSBpbiBhbmQKPj4+IGlmIHlv
dSBwcm92aWRlZCBhbm90aGVyIHBvbGljeSBpdCB3b3VsZCBiZSB1c2VkIGluc3RlYWQgb3IgeW91
IGNvdWxkCj4+PiBsYXRlIGxvYWQgYSByZXBsYWNlbWVudCBwb2xpY3kuIEJhc2ljYWxseSBmaWxs
aW5nIHRoZSBnYXAgb2YgdHVybmluZyBvbgo+Pj4gWFNNIGFuZCBoYXZpbmcgYSBzeXN0ZW0gbGVz
cyBzZWN1cmUgdGhhbiBYU00gb2ZmIHVudGlsIHlvdSBkZXZlbG9wZWQKPj4+IHlvdXIgcG9saWN5
Lgo+Pgo+PiArMS4gIEl0IGFsc28gYXZvaWRzIG5lZWRpbmcgdG8gcGxheSBhcm91bmQgbG9hZGlu
ZyBhbiBleHRyYSBmaWxlIGFzIGEgZ3J1Ygo+PiBtb2R1bGUsIHdoaWNoIG1ha2VzIGRpc3Ryby1p
bnRlZ3JhdGlvbiBlYXNlci4KPj4KPj4gfkFuZHJldwoKVGhpcyBzaG91bGQgYmUgZG9hYmxlLCB0
aG91Z2ggaXQgd2lsbCByZXF1aXJlIG1vdmluZyB0aGUgcmVzdCBvZgp0b29scy9mbGFzay9wb2xp
Y3kgdW5kZXIgeGVuLyBmb3IgcHJvcGVyIGRlcGVuZGVuY2llcy4gQmV5b25kIHRoYXQsIGl0Cndv
dWxkIG5lZWQgZWl0aGVyIGEgc2NyaXB0IG9yIGEgY2FyZWZ1bCBpbnZvY2F0aW9uIG9mIG9iamNv
cHkgdG8gY29udmVydAp0aGUgcG9saWN5IG91dHB1dCB0byBhbiBhcnJheSBpbiBpbml0ZGF0YSwg
YW5kIHRoZW4gdGhhdCBwb2xpY3kgd291bGQgYmUKdXNlZCBpZiB0aGUgYm9vdGxvYWRlciBvbmUg
aXMgbm90IHByZXNlbnQuCgogRnJvbSB0aGUgd2lraToKPiBYU00gd2l0aCBkZWZhdWx0IHBvbGlj
eSB3aWxsIGhhdmU6Cj4KPiAgIC0gU2FtZSBmdW5jdGlvbmFsaXR5IGV4cG9zZWQgdG8gZ3Vlc3Rz
IHdpdGhvdXQgcmVncmVzc2lvbnMKPiAgIC0gSGF2ZSBhdCBtaW5pbXVtIHRoZSBzYW1lIHNlY3Vy
aXR5IGFzIHdlIGhhdmUgd2l0aG91dCBYU00gZW5hYmxlZC4KPiAgIC0gSGF2ZSBzZXQgb2YgcG9s
aWNpZXMgZm9yIGRldmljZSBkcml2ZXIgZG9tYWlucyB2cyBjb250cm9sIGRvbWFpbnMuCgpUaGUg
Zmlyc3QgdHdvIGJ1bGxldHMgc2hvdWxkIGJlIHRydWUgd2l0aCB0aGUgY3VycmVudCBwb2xpY3ku
IFRoZSB0aGlyZApuZWVkcyB0byBiZSBtb3JlIHByZWNpc2VseSBkZWZpbmVkOiBhbnkgb3BlcmF0
aW9uIG9uIGEgZ3JvdXAgaXQKY29udHJvbHMsIG9yIGxpbWl0ZWQgb3BlcmF0aW9ucyAoc3VjaCBh
cyBhZGp1c3RpbmcgbWVtb3J5IHNpemUpIG9uIGFsbApndWVzdHM/ICBUaGUgbGF0dGVyIHdpbGwg
cHJvYmFibHkgbmVlZCBhIGN1c3RvbSBwb2xpY3kgKG1vZHVsZSkgZm9yCmV4YWN0bHkgd2hhdCB0
aGUgY29udHJvbCBkb21haW4gZG9lcy4KCj4gS25vd24gSXNzdWVzCj4KPiAgIC0gQ2Fubm90IHJl
LWFwcGx5IGEgbmV3IHBvbGljeSBhZnRlciBndWVzdHMgaGF2ZSBiZWVuIHJ1bm5pbmcuCgpUaGlz
IGlzIHBvc3NpYmxlIHZpYSAieGwgbG9hZHBvbGljeSIuICBUaGVyZSBpcyBubyAoZXhwb3NlZCkg
d2F5IHRvCnJlLWxhYmVsIGV4aXN0aW5nIGRvbWFpbnMsIGJ1dCB5b3UgY2FuIGNyZWF0ZSBuZXcg
ZG9tYWlucyB1c2luZyBuZXcKdHlwZXMgaW4gdGhlIHBvbGljeS4gIFRoZSBuZXcgcG9saWN5IHJ1
bGVzIHdpbGwgYmUgZW5mb3JjZWQgaW1tZWRpYXRlbHkKb24gZXhpc3RpbmcgZG9tYWlucywgYnV0
IHRoaXMgbWF5IG5vdCBmdWxseSB0aWdodGVuIHJlc3RyaWN0aW9uczogZm9yCmV4YW1wbGUsIGlm
IGEgcGFzc3Rocm91Z2ggZGV2aWNlIGlzIG5ld2x5IGRpc2FsbG93ZWQgYnV0IGFscmVhZHkgbWFw
cGVkCmJ5IGEgZG9tYWluLCBpdCB3aWxsIG5vdCBiZSB1bm1hcHBlZC4KCj4gVE9ETyBMaXN0Cj4K
PiAgIC0gQ291bGQgaW5pdGlhbCBidWlsZCBvZiBYZW4gaHlwZXJ2aXNvciBpbmNsdWRlIGEgYnVp
bHQtaW4gKGluc2lkZSAuaW5pdC5kYXRhKSBwb2xpY3kgZmlsZT8KKEFib3ZlKS4KPiAgIC0gQ2Fu
IHdlIG1ha2UgcG9saWNpZXMgbW9kdWxhcml6ZWQ/IEEgY29yZSAocGVyaGFwcyBidWlsdC1pbj8p
IHdpdGggYW1lbmRtZW50cyBsb2FkZWQgbGF0ZXI/CgpUaGVyZSBpcyBhbHJlYWR5IHNvbWUgc3Vw
cG9ydCBmb3IgbW9kdWxlcyBpbiB0aGUgWFNNIHBvbGljeTogc2VlCnRvb2xzL2ZsYXNrL3BvbGlj
eS9wb2xpY3kvbW9kdWxlcy5jb25mLiAgQ3VycmVudGx5IHRoaXMgaXMgbm90IHJlYWxseQp1c2Vk
OiBhbGwgcnVsZXMgYXJlIGluIHRoZSAieGVuIiBtb2R1bGUuICBIb3dldmVyLCBpdCBjb3VsZCBi
ZSBzcGxpdCB1cAppbnRvIGEgcmVhbCBjb3JlIG1vZHVsZSAocHJvYmFibHkgc3RpbGwgbmFtZWQg
InhlbiIpIGFuZCBvdGhlciBtb2R1bGVzCnRoYXQgd291bGQgYmUgYXZhaWxhYmxlIHRvIHR1cm4g
b24vb2ZmLgoKVGhlIHByb2Nlc3Mgb2YgYXNzZW1ibGluZyB0aGUgbW9kdWxlcyBpbnRvIGEgc2lu
Z2xlIFhTTSBwb2xpY3kgaXMgZG9uZQppbiB1c2Vyc3BhY2UsIG5vdCB0aGUgaHlwZXJ2aXNvciwg
c28gInhsIGxvYWRwb2xpY3kiIHdvdWxkIG5vdCBjaGFuZ2UuCgotLSAKRGFuaWVsIERlIEdyYWFm
Ck5hdGlvbmFsIFNlY3VyaXR5IEFnZW5jeQoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMu
eGVuLm9yZwpodHRwOi8vbGlzdHMueGVuLm9yZy94ZW4tZGV2ZWwK