On Tue, Jun 10, 2025 at 4:56 PM Jan Beulich wrote:
>
> It's still being left entirely unclear what the criteria are by which an
> option can / cannot be marked "safe".
The purpose of lockdown mode is to protect Xen from unauthorized code execution
in Secure Boot mode. Xen especially needs protectio
On 02.06.2025 15:46, Kevin Lampis wrote:
> A subset of command-line parameters that are specifically safe to use when
> lockdown mode is enabled are annotated as such.
>
> These are commonly used parameters which have been audited to ensure they
> cannot be used to undermine the integrity of the s
On Mon, Jun 02, 2025 at 04:22:06PM +0200, Jan Beulich wrote:
> On 02.06.2025 16:16, Marek Marczykowski-Górecki wrote:
> > On Mon, Jun 02, 2025 at 02:46:56PM +0100, Kevin Lampis wrote:
> >> --- a/xen/common/lockdown.c
> >> +++ b/xen/common/lockdown.c
> >> @@ -35,7 +35,7 @@ static int __init parse_lo
On 02.06.2025 16:16, Marek Marczykowski-Górecki wrote:
> On Mon, Jun 02, 2025 at 02:46:56PM +0100, Kevin Lampis wrote:
>> --- a/xen/common/lockdown.c
>> +++ b/xen/common/lockdown.c
>> @@ -35,7 +35,7 @@ static int __init parse_lockdown_opt(const char *s)
>>
>> return 0;
>> }
>> -custom_param
On Mon, Jun 02, 2025 at 02:46:56PM +0100, Kevin Lampis wrote:
> A subset of command-line parameters that are specifically safe to use when
> lockdown mode is enabled are annotated as such.
>
> These are commonly used parameters which have been audited to ensure they
> cannot be used to undermine t
A subset of command-line parameters that are specifically safe to use when
lockdown mode is enabled are annotated as such.
These are commonly used parameters which have been audited to ensure they
cannot be used to undermine the integrity of the system when booted in
Secure Boot mode.
Signed-off-