On 05.09.2025 05:47, Demi Marie Obenour wrote:
> Right now, both EXPERT and UNSUPPORTED options are
> not security supported. However, this seems to be
> causing problems for safety-certified use-cases.
>
> Specifically, disabling AMD or Intel support is certainly
> something that should fall under EXPERT IMO, as it is a
> great way to produce a Xen binary that will not boot on
> a large fraction of hardware. However, I see no fundamental
> reason it should not be security supported. Not security
> supporting it means that those producing safety-certified
> builds of Xen (which, presumably, are some of the most
> security-critical there are!) are having to use
> security-unsupported configurations.
>
> This definitely does not seem right to me. Safety
> certification and security support should go hand in hand,
> not conflict with each other! Is there a plan to address this?
Something that isn't security supported upstream still can be security
supported by a downstream. For upstream, we simply need to somehow limit
scope. Any extension of scope will need to come with respective
justification. Yet if done so, I wouldn't see a reason why we shouldn't
at least properly consider such a proposal.

Jan