Hello Kevin, > The intention of lockdown mode is to prevent attacks from a rogue dom0 > userspace from compromising the system.
Do we consider Dom0 kernel-space as well (thus Dom0 as a whole), or only userland, what about privcmd device (which can issue hypercalls) ? Teddy Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech
