On 14.08.2024 09:44, Jan Beulich wrote: > XSM is a generic framework, which in particular is also used by SILO. > With this it can't really be experimental: Arm mandates SILO for having > a security supported configuration. > > Signed-off-by: Jan Beulich <jbeul...@suse.com> > --- > v3: Add explanations. Another terminology adjustment. > v2: Terminology adjustments. Stronger description.
Are yet further adjustments needed? Jan > --- a/SUPPORT.md > +++ b/SUPPORT.md > @@ -769,13 +769,21 @@ Compile time disabled for ARM by default > > Status, x86: Supported, not security supported > > -### XSM & FLASK > +### XSM (Xen Security Module) Framework > + > +XSM is a security policy framework. The dummy implementation is covered by > this > +statement, and implements a policy whereby dom0 is all powerful. See below > for > +alternative modules (FLASK, SILO). > + > + Status: Supported > + > +### FLASK XSM Module > > Status: Experimental > > Compile time disabled by default. > > -Also note that using XSM > +Also note that using FLASK > to delegate various domain control hypercalls > to particular other domains, rather than only permitting use by dom0, > is also specifically excluded from security support for many hypercalls. > @@ -788,6 +796,13 @@ Please see XSA-77 for more details. > The default policy includes FLASK labels and roles for a "typical" Xen-based > system > with dom0, driver domains, stub domains, domUs, and so on. > > +### SILO XSM Module > + > +SILO implements a policy whereby DomU-s can only communicate with Dom0, yet > not > +with each other. > + > + Status: Supported > + > ## Virtual Hardware, Hypervisor > > ### x86/Nested PV
