Hi Stefano,
On 15/07/2021 00:48, Stefano Stabellini wrote:
Add Dom0less to SUPPORT.md to clarify its support status. The feature is
mature enough and small enough to make it security supported.
I would suggest explaining the restriction in the commit message (and
giving a link to the XSA-372 commit).
Signed-off-by: Stefano Stabellini <[email protected]>
---
Changes in v2:
- clarify memory scrubbing
---
SUPPORT.md | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/SUPPORT.md b/SUPPORT.md
index 317392d8f3..524cab9c8d 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -832,6 +832,15 @@ OVMF firmware implements the UEFI boot protocol.
Status, qemu-xen: Supported
+## Dom0less
+
+Guest creation from the hypervisor at boot without Dom0 intervention.
+
+ Status, ARM: Supported
+
+Memory of dom0less DomUs is not scrubbed at boot (even with
+bootscrub=on); no XSAs will be issues due to unscrubbed memory.
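Review bot: "no XSAs will be issues" in the last added line should read "issued". In the same sentence, the parenthetical names only bootscrub=on, so a reader cannot tell from SUPPORT.md what applies under the other bootscrub settings. Since this sentence defines an exclusion from security support, list explicitly which bootscrub values leave dom0less DomU memory unscrubbed.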
The memory will not be scrubbed for bootscrub=on and bootscrub=off.
However, it should be scrubbed for bootscrub=idle (the default).
Cheers,
--
Julien Grall