On 06.05.2021 14:47, George Dunlap wrote: > --- a/xen/arch/x86/Kconfig > +++ b/xen/arch/x86/Kconfig > @@ -55,7 +55,7 @@ config PV > config PV32 > bool "Support for 32bit PV guests" > depends on PV > - default y > + default PV_SHIM > select COMPAT > ---help--- > The 32bit PV ABI uses Ring1, an area of the x86 architecture which > @@ -67,7 +67,10 @@ config PV32 > reduction, or performance reasons. Backwards compatibility can be > provided via the PV Shim mechanism. > > - If unsure, say Y. > + Note that outside of PV Shim, 32-bit PV guests are not security > + supported anymore. > + > + If unsure, use the default setting.
Alongside this I wonder whether we should also default opt_pv32 to false then, unless running in shim mode. Jan
