diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2016-07-14 10:18:47 -0400 |
---|---|---|
committer | Andrew Cooper <andrew.cooper3@citrix.com> | 2016-07-14 15:32:38 +0100 |
commit | 41b61be1c244b27985f92061aa9670088340a37f (patch) | |
tree | a68ba4824ae5cc6874e35fb85d9cdfe1a906a76e /xen/include/xsm | |
parent | e04b562377b3a50e48eb691145c3b95c19a78658 (diff) |
xsm: add a default policy to .init.data
This adds a Kconfig option and support for including the XSM policy from
tools/flask/policy in the hypervisor so that the bootloader does not
need to provide a policy to get sane behavior from an XSM-enabled
hypervisor. The policy provided by the bootloader, if present, will
override the built-in policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Diffstat (limited to 'xen/include/xsm')
-rw-r--r-- | xen/include/xsm/xsm.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index e83dca26d5..5dc59ddfd6 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -761,6 +761,11 @@ static inline void flask_init(const void *policy_buffer, size_t policy_size) } #endif +#ifdef CONFIG_XSM_POLICY +extern const unsigned char xsm_init_policy[]; +extern const unsigned int xsm_init_policy_size; +#endif + #else /* CONFIG_XSM */ #include <xsm/dummy.h> |