XSM is a generic framework, which in particular is also used by SILO. With this it can't really be experimental: Arm enables SILO by default. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- a/SUPPORT.md +++ b/SUPPORT.md @@ -XXX,XX +XXX,XX @@ Compile time disabled for ARM by default Status, x86: Supported, not security supported -### XSM & FLASK +### XSM + + Status: Supported + +See below for use with FLASK and SILO. The dummy implementation is covered here +as well. + +### XSM + FLASK Status: Experimental Compile time disabled by default. -Also note that using XSM +Also note that using FLASK to delegate various domain control hypercalls to particular other domains, rather than only permitting use by dom0, is also specifically excluded from security support for many hypercalls. @@ -XXX,XX +XXX,XX @@ Please see XSA-77 for more details. The default policy includes FLASK labels and roles for a "typical" Xen-based system with dom0, driver domains, stub domains, domUs, and so on. +### XSM + SILO + + Status: Supported + ## Virtual Hardware, Hypervisor ### x86/Nested PV
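Review bot: In the first hunk, the new "### XSM" entry says "Status: Supported" while the FLASK entry directly below it stays "Status: Experimental", so the scope of the supported claim rests entirely on the sentence "See below for use with FLASK and SILO." I would state explicitly that this status covers the framework and the dummy implementation only, and say in a few words what the dummy implementation is, since the term is not explained anywhere in the visible text. The heading also never expands the acronym XSM.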
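Review bot: In the second hunk, the added "### XSM + SILO" entry consists of a status line only. The FLASK entry above it records its build default ("Compile time disabled by default.") and describes its default policy, whereas nothing here says what SILO restricts or where it is built in by default. Since the commit message leans on Arm enabling SILO by default, a per-architecture default line in the style of the existing "Compile time disabled for ARM by default" context line would make the entry self-explanatory.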
XSM is a generic framework, which in particular is also used by SILO. With this it can't really be experimental: Arm mandates SILO for having a security supported configuration. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- v2: Terminology adjustments. Stronger description. --- a/SUPPORT.md +++ b/SUPPORT.md @@ -XXX,XX +XXX,XX @@ Compile time disabled for ARM by default Status, x86: Supported, not security supported -### XSM & FLASK +### XSM (Xen Security Module) + + Status: Supported + +See below for use with FLASK and SILO. The dummy implementation is covered here +as well. + +### FLASK XSM Module Status: Experimental Compile time disabled by default. -Also note that using XSM +Also note that using FLASK to delegate various domain control hypercalls to particular other domains, rather than only permitting use by dom0, is also specifically excluded from security support for many hypercalls. @@ -XXX,XX +XXX,XX @@ Please see XSA-77 for more details. The default policy includes FLASK labels and roles for a "typical" Xen-based system with dom0, driver domains, stub domains, domUs, and so on. +### SILO XSM Module + + Status: Supported + ## Virtual Hardware, Hypervisor ### x86/Nested PV
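Review bot: In the first hunk of v2, with the framework heading now reading "### XSM (Xen Security Module)", the new heading "### FLASK XSM Module" expands to "Xen Security Module Module"; the same applies to "### SILO XSM Module" in the second hunk. Headings such as "### XSM: FLASK" and "### XSM: SILO" would avoid the doubled word and still show that both entries belong under the framework entry.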
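Review bot: In the second hunk of v2, "### SILO XSM Module" still carries only "Status: Supported", although the commit message now argues that Arm mandates SILO for having a security supported configuration. That requirement is the part a reader of SUPPORT.md needs in order to choose a configuration, so it belongs in this entry as a sentence of its own; as posted, the document text never mentions Arm in connection with SILO.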