EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
EMBEDDED_EXTRA_CFLAGS += -fno-exceptions
+# Enable XSM security module (by default, Flask).
+XSM_ENABLE ?= n
+
XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
# All the files at that location were downloaded from elsewhere on
# the internet. The original download URL is preserved as a comment
setup.py. Config.mk contains additional info how to use this variable.
PYTHON_PREFIX_ARG=
-he hypervisor may be build with XSM/Flask support, which can be changed
+The hypervisor may be build with XSM support, which can be changed with
+the following variables.
+XSM_ENABLE=y
+
+The hypervisor may be build with Flask support, which can be changed
by running:
make -C xen menuconfig
-and enabling XSM/Flask in the 'Common Features' menu.
+and enabling Flask in the 'Common Features' menu.
Do a build for coverage.
coverage=y
----------------
Xen must be compiled with XSM and FLASK enabled; by default, the security
-framework is disabled. Running 'make -C xen menuconfig' and enabling XSM
-and FLASK inside 'Common Features'; this change requires a make clean and
-rebuild.
+framework is disabled. Edit Config.mk or the .config file to set XSM_ENABLE to
+"y" and running 'make -C xen menuconfig' and enabling FLASK inside 'Common
+Features'; this change requires a make clean and rebuild.
FLASK uses only one domain configuration parameter (seclabel) defining the
full security label of the newly created domain. If using the example policy,
CFLAGS += -pipe -g -D__XEN__ -include $(BASEDIR)/include/xen/config.h
CFLAGS += '-D__OBJECT_FILE__="$@"'
+CFLAGS-$(XSM_ENABLE) += -DXSM_ENABLE
CFLAGS-$(verbose) += -DVERBOSE
CFLAGS-$(crash_debug) += -DCRASH_DEBUG
CFLAGS-$(perfc) += -DPERF_COUNTERS
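Review bot: `CFLAGS-$(XSM_ENABLE) += -DXSM_ENABLE` takes effect only when the variable is exactly `y`, assuming only `CFLAGS-y` is folded into `CFLAGS`, as the neighbouring `CFLAGS-$(verbose)` lines suggest. A build invoked with `XSM_ENABLE=yes` or `XSM_ENABLE=1` would then silently produce a hypervisor with the security framework compiled out. An unrecognised value should stop the build, for example with `ifneq ($(filter-out y n,$(XSM_ENABLE)),)` / `$(error XSM_ENABLE must be y or n, got '$(XSM_ENABLE)')` / `endif` next to the definition. The `ifeq ($(XSM_ENABLE),y)` test in the xsm Makefile hunk makes the same exact-match assumption. A comment such as `# XSM_ENABLE is set in Config.mk; changing it needs a clean rebuild` would also help, because nothing here makes objects depend on the flag.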
config FLASK
bool "FLux Advanced Security Kernel support"
- default y
- depends on XSM
- ---help---
+ default n
+ --help---
Enables the FLASK (FLux Advanced Security Kernel) support which
provides a mandatory access control framework by which security
enforcement, isolation, and auditing can be achieved with fine
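Review bot: With `depends on XSM` removed, nothing in Kconfig ties FLASK to the new `XSM_ENABLE` make variable, so `CONFIG_FLASK=y` can be selected while `XSM_ENABLE` is still `n`. The `subdir-$(CONFIG_FLASK) += flask` line in the xsm Makefile hunk is likewise outside the `ifeq ($(XSM_ENABLE),y)` guard. Depending on how the flask code binds to the hooks, that either fails to build or yields an image whose access checks never reach the policy; moving that subdir line inside the guard would close the gap. Separately, the added marker reads `--help---`, one dash short of the `---help---` it replaces, which the Kconfig parser is unlikely to accept. The new `default n` also contradicts the "If unsure, say Y." context line that follows.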
If unsure, say Y.
-# Allows "late" initialization of the hardware domain
-config LATE_HWDOM
- bool "dedicated hardware domain"
- default n
- depends on XSM && X86
- ---help---
- Allows the creation of a dedicated hardware domain distinct from
- domain 0 that manages devices without needing access to other
- privileged functionality such as the ability to manage domains.
- This requires that the actual domain 0 be a stub domain that
- constructs the actual hardware domain instead of initializing the
- hardware itself. Because the hardware domain needs access to
- hypercalls not available to unprivileged guests, an XSM policy
- is required to properly define the privilege of these domains.
-
- This feature does nothing if the "hardware_dom" boot parameter is
- not present. If this feature is being used for security, it should
- be combined with an IOMMU in strict mode.
-
- If unsure, say N.
-
-# Enable/Disable XSM support
-config XSM
- bool "Xen Security Modules support"
- default n
- ---help---
- Enables the security framework known as Xen Security Modules which
- allows administrators fine-grained control over a Xen domain and
- its capabilities by defining permissible interactions between domains,
- the hypervisor itself, and related resources such as memory and
- devices.
-
- If unsure, say N.
-
endmenu
#define CONFIG_MULTIBOOT 1
+#ifdef XSM_ENABLE
+#define CONFIG_LATE_HWDOM 1
+#endif
+
#define HZ 100
#define OPT_CONSOLE_STR "vga"
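Review bot: `#define CONFIG_LATE_HWDOM 1` under `#ifdef XSM_ENABLE` turns the late hardware domain from an opt-in (`default n` in the removed Kconfig entry) into something every XSM build carries. The removed help text says the feature needs an XSM policy and, when used for security, an IOMMU in strict mode, so it was a deliberate choice rather than a side effect of enabling XSM. Consider keeping a separate switch, for instance `#if defined(XSM_ENABLE) && defined(LATE_HWDOM_ENABLE)`, where `LATE_HWDOM_ENABLE` is a proposed name for a matching Config.mk variable. Failing that, the coupling should be documented with a comment such as `/* Late hardware domain is built into all XSM builds; inactive without the hardware_dom boot parameter. */`. The removed entry also had `depends on ... X86`, and the hunk does not show whether this header is x86-only.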
u8 priority;
u8 last_priority;
u16 last_vcpu_id;
-#ifdef CONFIG_XSM
+#ifdef XSM_ENABLE
union {
#ifdef XSM_NEED_GENERIC_EVTCHN_SSID
/*
/* DO NOT implement this function; it is supposed to trigger link errors */
void __xsm_action_mismatch_detected(void);
-#ifdef CONFIG_XSM
+#ifdef XSM_ENABLE
-/* In CONFIG_XSM builds, this header file is included from xsm/dummy.c, and
+/* In XSM_ENABLE builds, this header file is included from xsm/dummy.c, and
* contains static (not inline) functions compiled to the dummy XSM module.
* There is no xsm_default_t argument available, so the value from the assertion
* is used to initialize the variable.
#define XSM_DEFAULT_VOID void
#define XSM_ASSERT_ACTION(def) xsm_default_t action = def; (void)action
-#else /* CONFIG_XSM */
+#else /* XSM_ENABLE */
-/* In !CONFIG_XSM builds, this header file is included from xsm/xsm.h, and
+/* In !XSM_ENABLE builds, this header file is included from xsm/xsm.h, and
* contains inline functions for each XSM hook. These functions also perform
* compile-time checks on the xsm_default_t argument to ensure that the behavior
* of the dummy XSM module is the same as the behavior with XSM disabled.
#define XSM_DEFAULT_VOID xsm_default_t action
#define XSM_ASSERT_ACTION(def) LINKER_BUG_ON(def != action)
-#endif /* CONFIG_XSM */
+#endif /* XSM_ENABLE */
static always_inline int xsm_default_action(
xsm_default_t action, struct domain *src, struct domain *target)
#endif
};
-#ifdef CONFIG_XSM
+#ifdef XSM_ENABLE
extern struct xsm_operations *xsm_ops;
extern struct xsm_operations dummy_xsm_ops;
extern void xsm_fixup_ops(struct xsm_operations *ops);
-#else /* CONFIG_XSM */
+#else /* XSM_ENABLE */
#include <xsm/dummy.h>
}
#endif
-#endif /* CONFIG_XSM */
+#endif /* XSM_ENABLE */
#endif /* __XSM_H */
obj-y += xsm_core.o
-obj-$(CONFIG_XSM) += xsm_policy.o
-obj-$(CONFIG_XSM) += dummy.o
+ifeq ($(XSM_ENABLE),y)
+obj-y += xsm_policy.o
+obj-y += dummy.o
+endif
subdir-$(CONFIG_FLASK) += flask
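Review bot: The `ifeq ($(XSM_ENABLE),y)` block spends four lines where the file's own idiom needs two: `obj-$(XSM_ENABLE) += xsm_policy.o` and `obj-$(XSM_ENABLE) += dummy.o`. That form also matches the `CFLAGS-$(XSM_ENABLE)` line added in Rules.mk and sits naturally beside the remaining `subdir-$(CONFIG_FLASK)` line. A short comment such as `# XSM_ENABLE is a make variable from Config.mk, not a Kconfig symbol` would explain why this file now mixes two configuration mechanisms.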