>>> On 18.08.17 at 23:55, <dgde...@tycho.nsa.gov> wrote:
> On 08/18/2017 05:02 PM, christopher.w.cl...@gmail.com wrote:
>> From: Christopher Clark <christopher.cla...@baesystems.com>
>>
>> Isolation of devices passed through to domains usually requires an
>> active IOMMU. The existing method of requiring an IOMMU is via a Xen
>> boot parameter ("iommu=force") which will abort boot if an IOMMU is not
>> available.
>>
>> More graceful degradation of behaviour when an IOMMU is absent can be
>> achieved by enabling XSM to perform enforcement of IOMMU requirement.
>>
>> This patch enables an enforceable XSM policy to specify that an IOMMU is
>> required for particular domains to access devices and how capable that
>> IOMMU must be. This allows a Xen system to boot whilst still
>> ensuring that an IOMMU is active before permitting device use.
>>
>> Using a XSM policy ensures that the isolation properties remain enforced
>> even when the large, complex toolstack software changes.
>>
>> For some hardware platforms interrupt remapping is a strict requirement
>> for secure isolation. Not all IOMMUs provide interrupt remapping.
>> The XSM policy can now optionally require interrupt remapping.
>>
>> The device use hooks now check whether an IOMMU is:
>> * Active and securely isolating:
>> -- current criteria for this is that interrupt remapping is ok
>> * Active but interrupt remapping is not available
>> * Not active
>>
>> This patch also updates the reference XSM policy to use the new
>> primitives, with policy entries that do not require an active IOMMU.
>>
>> Signed-off-by: Christopher Clark <christopher.cla...@baesystems.com>
>
> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
To be honest, for this kind of a change I would have hoped for
a Reviewed-by (by you or someone else), not just an Acked-by.
Hence I'm hesitant to put the patch in right away.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
