>>> On 12.06.18 at 21:53, <sstabell...@kernel.org> wrote: > On Tue, 12 Jun 2018, Jan Beulich wrote: >> >> >> As a consequence of these changes, some options will become >> >> >> user-visible >> >> >> and not dependent on CONFIG_EXPERT. It does not mean that Xen Project >> >> >> will security support all possible combinations of kconfig options. >> >> >> Instead, there will be a small set of pre-canned configurations that >> >> >> will be supported. See: >> >> >> https://marc.info/?l=xen-devel&m=152424389512432 >> >> > >> >> > George, Ian, Jan, shall SUPPORT.MD be updated to reflect the Kconfig >> >> > changes? >> >> > >> >> > I am mostly thinking about the board support and the fact that more >> >> > options on Arm are selectable by the users. >> >> >> >> I think that would be very desirable, yes. >> > >> > Do you want me to add a patch for that to this series, or should I do it >> > separately? >> >> I think such a doc change should be right in a particular patch making >> things user selectable. > > I have added the following to patch #5, the one introducing all the UART > Kconfigs on ARM. I think it is the one introducing more new options. I > removed Julien's ACK because of this change. Let me know if you think we > need more details in SUPPORT.md. > > diff --git a/SUPPORT.md b/SUPPORT.md > index 264b23f..e70f35c 100644 > --- a/SUPPORT.md > +++ b/SUPPORT.md > @@ -16,6 +16,18 @@ for the definitions of the support status levels etc. > > # Feature Support > > +## Kconfig > + > +On x86, Kconfig options that depend on CONFIG_EXPERT are not security > +supported. Other Kconfig options that do not depend on CONFIG_EXPERT are > +supported, if the related features marked as supported in this document.
..., if the related features are marked ... > +On ARM, a wider range of Kconfig configurations is available to enable > +very small lines of code counts in the hypervisor. Not all possible > +combinations of kconfig options are security supported. Instead, a small > +set of pre-canned configurations is supported, see xen/arch/arm/configs. Patch 5 does not add any EXPERT dependencies afaics, so this is at least misleading. I think the EXPERT rule should apply generically, and perhaps be introduced by (and discussed in the context of) a separate patch. I also think DEBUG should be mentioned alongside EXPERT. The patch relaxing things for ARM would then add a relaxation paragraph here. Jan _______________________________________________ Xen-devel mailing list Xenemail@example.com https://lists.xenproject.org/mailman/listinfo/xen-devel