Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

2017-11-29 Thread Jan Beulich
>>> On 29.11.17 at 16:33, wrote: > On Wed, Nov 29, 2017 at 1:19 AM, Jan Beulich wrote: > On 28.11.17 at 19:06, wrote: >>> --- a/xen/common/Kconfig >>> +++ b/xen/common/Kconfig >>> @@ -140,6 +140,20 @@ config XSM_POLICY >>> >>>

Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

2017-11-29 Thread Tamas K Lengyel
On Wed, Nov 29, 2017 at 1:19 AM, Jan Beulich wrote: On 28.11.17 at 19:06, wrote: >> --- a/xen/common/Kconfig >> +++ b/xen/common/Kconfig >> @@ -140,6 +140,20 @@ config XSM_POLICY >> >> If unsure, say Y. >> >> +config XSM_POLICY_OVERRIDE >> +

Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

2017-11-29 Thread Tamas K Lengyel
On Wed, Nov 29, 2017 at 5:29 AM, George Dunlap wrote: > On 11/28/2017 07:04 PM, Tamas K Lengyel wrote: >> On Tue, Nov 28, 2017 at 12:00 PM, Andrew Cooper >> wrote: >>> On 28/11/17 18:06, Tamas K Lengyel wrote: From: Tamas K Lengyel

Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

2017-11-29 Thread Jan Beulich
>>> On 28.11.17 at 19:06, wrote: > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -140,6 +140,20 @@ config XSM_POLICY > > If unsure, say Y. > > +config XSM_POLICY_OVERRIDE > + bool "Built-in security policy overrides bootloader provided policy" > +

Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

2017-11-28 Thread Tamas K Lengyel
On Tue, Nov 28, 2017 at 12:00 PM, Andrew Cooper wrote: > On 28/11/17 18:06, Tamas K Lengyel wrote: >> From: Tamas K Lengyel >> >> Currently the built-in XSM policy only gets used if there is no other policy >> specified during boot. In this patch

Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

2017-11-28 Thread Andrew Cooper
On 28/11/17 18:06, Tamas K Lengyel wrote: > From: Tamas K Lengyel > > Currently the built-in XSM policy only gets used if there is no other policy > specified during boot. In this patch we add a Kconfig option to specify to > only > use built-in policy during boot. This is

Re: [Xen-devel] [PATCH] XSM: add Kconfig option to override bootloader provided policy

2017-11-28 Thread Daniel De Graaf
On 11/28/2017 01:06 PM, Tamas K Lengyel wrote: From: Tamas K Lengyel Currently the built-in XSM policy only gets used if there is no other policy specified during boot. In this patch we add a Kconfig option to specify to only use built-in policy during boot. This is