Re: [PATCH v2 2/3] Add lockdown mode

2025-06-03 Thread Ross Lagerwall
On Tue, Jun 3, 2025 at 5:29 PM Andrew Cooper wrote: > > On 02/06/2025 2:46 pm, Kevin Lampis wrote: > > diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c > > index 1f5cb67bd0..efeed5eafc 100644 > > --- a/xen/arch/x86/setup.c > > +++ b/xen/arch/x86/setup.c > > @@ -15,6 +15,7 @@ > > #include

Re: [PATCH v2 2/3] Add lockdown mode

2025-06-03 Thread Andrew Cooper
On 02/06/2025 2:46 pm, Kevin Lampis wrote: > diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c > index 1f5cb67bd0..efeed5eafc 100644 > --- a/xen/arch/x86/setup.c > +++ b/xen/arch/x86/setup.c > @@ -15,6 +15,7 @@ > #include > #include > #include > +#include > #include > #include >

Re: [PATCH v2 2/3] Add lockdown mode

2025-06-02 Thread Kevin Lampis
On Mon, Jun 2, 2025 at 3:20 PM Marek Marczykowski-Górecki wrote:
>
> This is rather inconsistent with other bool options. I think you want to
> use parse_bool() here.

Thank you. I will use that instead.

[PATCH v2 2/3] Add lockdown mode

2025-06-02 Thread Kevin Lampis
From: Ross Lagerwall The intention of lockdown mode is to prevent attacks from a rogue dom0 userspace from compromising the system. Lockdown mode can be controlled by a Kconfig option and a command-line parameter. It is also enabled automatically when Secure Boot is enabled and it cannot be disab

Re: [PATCH v2 2/3] Add lockdown mode

2025-06-02 Thread Marek Marczykowski-Górecki
On Mon, Jun 02, 2025 at 02:46:55PM +0100, Kevin Lampis wrote:
> From: Ross Lagerwall
>
> The intention of lockdown mode is to prevent attacks from a rogue dom0
> userspace from compromising the system. Lockdown mode can be controlled by a
> Kconfig option and a command-line parameter. It is also

Re: [PATCH v2 2/3] Add lockdown mode

2025-05-20 Thread Kevin Lampis
On Tue, May 20, 2025 at 3:23 PM Jan Beulich wrote:
>
> No comments on the patch itself (yet), just a formal remark: I was puzzled
> by having only v2 2/3 and 3/3 in my inbox. Looks like you sent each as
> reply on the v1 sub-threads. Very occasionally for a larger series it may
> be okay to send j

Re: [PATCH v2 2/3] Add lockdown mode

2025-05-20 Thread Jan Beulich
On 20.05.2025 13:57, Kevin Lampis wrote:
> From: Ross Lagerwall
>
> The intention of lockdown mode is to prevent attacks from a rogue dom0
> userspace from compromising the system. Lockdown mode can be controlled by a
> Kconfig option and a command-line parameter. It is also enabled automatically

[PATCH v2 2/3] Add lockdown mode

2025-05-20 Thread Kevin Lampis
From: Ross Lagerwall The intention of lockdown mode is to prevent attacks from a rogue dom0 userspace from compromising the system. Lockdown mode can be controlled by a Kconfig option and a command-line parameter. It is also enabled automatically when Secure Boot is enabled and it cannot be disab