On 1/4/16 2:01 PM, Daniel De Graaf wrote: > On 22/12/15 16:26, Doug Goldstein wrote: >> Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM >> within Kconfig. This also re-adds the dependency of CONFIG_FLASK on >> CONFIG_XSM. >> >> CC: Keir Fraser <k...@xen.org> >> CC: Jan Beulich <jbeul...@suse.com> >> CC: Andrew Cooper <andrew.coop...@citrix.com> >> Signed-off-by: Doug Goldstein <car...@cardoe.com> > > The dependencies for LATE_HWDOM are backwards: it is an optional X86-only > feature (which probably should be off by default) that depends on XSM to > work properly.
Currently its always enabled if XSM_ENABLE is set. But if you are comfortable I'll tweak the patch to make this adjustable. Are you ok keeping your Ack-by as well? > > How about this for the help text: > > Allows the creation of a dedicated hardware domain distinct from > domain 0 that manages devices without needing access to other > privileged functionality such as the ability to manage domains. > This requires that the actual domain 0 be a stub domain that > constructs the actual hardware domain instead of initializing the > hardware itself. Because the hardware domain needs access to > hypercalls not available to unprivileged guests, an XSM policy > is required to properly define the privilege of these domains. > > This feature does nothing if the "hardware_dom" boot parameter is > not present. If this feature is being used for security, it should > be combined with an IOMMU in strict mode. > > If unsure, say N. Perfect! This is what I'm looking for from the various maintainers to help improve the documentation of different flags. -- Doug Goldstein
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
