From 41b61be1c244b27985f92061aa9670088340a37f Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Date: Thu, 14 Jul 2016 10:18:47 -0400
Subject: xsm: add a default policy to .init.data

This adds a Kconfig option and support for including the XSM policy from
tools/flask/policy in the hypervisor so that the bootloader does not
need to provide a policy to get sane behavior from an XSM-enabled
hypervisor.  The policy provided by the bootloader, if present, will
override the built-in policy.

The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/include/xsm/xsm.h | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'xen/include/xsm')

diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index e83dca26d5..5dc59ddfd6 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -761,6 +761,11 @@ static inline void flask_init(const void *policy_buffer, size_t policy_size)
 }
 #endif
 
+#ifdef CONFIG_XSM_POLICY
+extern const unsigned char xsm_init_policy[];
+extern const unsigned int xsm_init_policy_size;
+#endif
+
 #else /* CONFIG_XSM */
 
 #include <xsm/dummy.h>
-- 
cgit v1.2.3