xsm: add a default policy to .init.data
author Daniel De Graaf <dgdegra@tycho.nsa.gov>
Mon, 20 Jun 2016 14:04:26 +0000 (10:04 -0400)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Fri, 24 Jun 2016 14:53:22 +0000 (15:53 +0100)
commit 08cffe6696c047123bd552e095163924c8ef4353
tree 9130a91067c41590504fdf15dd1926a56e51e6be
parent 668ba1f85bf2e4086cf18c35abc880b9eee4e8f2

xsm: add a default policy to .init.data

This adds a Kconfig option and support for including the XSM policy from
tools/flask/policy in the hypervisor so that the bootloader does not
need to provide a policy to get sane behavior from an XSM-enabled
hypervisor.  The policy provided by the bootloader, if present, will
override the built-in policy.

Enabling this option only builds the policy if checkpolicy is available
during compilation of the hypervisor; otherwise, it does nothing.  The
XSM policy is not moved out of tools because that remains the primary
location for installing and configuring the policy.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Julien Grall <julien.grall@arm.com>

docs/misc/xen-command-line.markdown
docs/misc/xsm-flask.txt
xen/arch/arm/xen.lds.S
xen/arch/x86/xen.lds.S
xen/common/Kconfig
xen/xsm/flask/Makefile
xen/xsm/xsm_core.c