forked from SLFO-pool/xen
55 lines
1.7 KiB
Diff
55 lines
1.7 KiB
Diff
# Commit d7c18b8720824d7efc39ffa7296751e1812865a9
|
|
# Date 2024-09-04 16:05:03 +0200
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
|
SUPPORT.md: split XSM from Flask
|
|
|
|
XSM is a generic framework, which in particular is also used by SILO.
|
|
With this it can't really be experimental: Arm mandates SILO for having
|
|
a security supported configuration.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
|
|
Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
|
|
|
|
--- a/SUPPORT.md
|
|
+++ b/SUPPORT.md
|
|
@@ -768,13 +768,21 @@ Compile time disabled for ARM by default
|
|
|
|
Status, x86: Supported, not security supported
|
|
|
|
-### XSM & FLASK
|
|
+### XSM (Xen Security Module) Framework
|
|
+
|
|
+XSM is a security policy framework. The dummy implementation is covered by this
|
|
+statement, and implements a policy whereby dom0 is all powerful. See below for
|
|
+alternative modules (FLASK, SILO).
|
|
+
|
|
+ Status: Supported
|
|
+
|
|
+### FLASK XSM Module
|
|
|
|
Status: Experimental
|
|
|
|
Compile time disabled by default.
|
|
|
|
-Also note that using XSM
|
|
+Also note that using FLASK
|
|
to delegate various domain control hypercalls
|
|
to particular other domains, rather than only permitting use by dom0,
|
|
is also specifically excluded from security support for many hypercalls.
|
|
@@ -787,6 +795,13 @@ Please see XSA-77 for more details.
|
|
The default policy includes FLASK labels and roles for a "typical" Xen-based system
|
|
with dom0, driver domains, stub domains, domUs, and so on.
|
|
|
|
+### SILO XSM Module
|
|
+
|
|
+SILO extends the dummy policy by enforcing that DomU-s can only communicate
|
|
+with Dom0, yet not with each other.
|
|
+
|
|
+ Status: Supported
|
|
+
|
|
## Virtual Hardware, Hypervisor
|
|
|
|
### x86/Nested PV
|