Right now, both EXPERT and UNSUPPORTED options are not security supported. However, this seems to be causing problems for safety-certified use-cases.
Specifically, disabling AMD or Intel support is certainly something that should fall under EXPERT IMO, as it is a great way to produce a Xen binary that will not boot on a large fraction of hardware. However, I see no fundamental reason it should not be security supported.

Not security supporting it means that those producing safety-certified builds of Xen (which, presumably, are some of the most security-critical there are!) are having to use security-unsupported configurations. This definitely does not seem right to me. Safety certification and security support should go hand in hand, not conflict with each other! Is there a plan to address this?

--
Sincerely,
Demi Marie Obenour (she/her/hers)