xsm: add a default policy to .init.data

This adds a Kconfig option and support for including the XSM policy from tools/flask/policy in the hypervisor so that the bootloader does not need to provide a policy to get sane behavior from an XSM-enabled hypervisor. The policy provided by the bootloader, if present, will override the built-in policy. The XSM policy is not moved out of tools because that remains the primary location for installing and configuring the policy. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
author: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2016-07-14 10:18:47 -0400
committer: Andrew Cooper <andrew.cooper3@citrix.com> 2016-07-14 15:32:38 +0100
commit: 41b61be1c244b27985f92061aa9670088340a37f (patch)
tree: a68ba4824ae5cc6874e35fb85d9cdfe1a906a76e /xen/include/xsm
parent: e04b562377b3a50e48eb691145c3b95c19a78658 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index e83dca26d5..5dc59ddfd6 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -761,6 +761,11 @@ static inline void flask_init(const void *policy_buffer, size_t policy_size)
 }
 #endif
 
+#ifdef CONFIG_XSM_POLICY
+extern const unsigned char xsm_init_policy[];
+extern const unsigned int xsm_init_policy_size;
+#endif
+
 #else /* CONFIG_XSM */
 
 #include <xsm/dummy.h>
author	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2016-07-14 10:18:47 -0400
committer	Andrew Cooper <andrew.cooper3@citrix.com>	2016-07-14 15:32:38 +0100
commit	41b61be1c244b27985f92061aa9670088340a37f (patch)
tree	a68ba4824ae5cc6874e35fb85d9cdfe1a906a76e /xen/include/xsm
parent	e04b562377b3a50e48eb691145c3b95c19a78658 (diff)