XSMAsDefault TODO List

What do we want to achieve

XSM with the default policy will have:

  • The same functionality exposed to guests, without regressions.
  • At minimum the same security as we have without XSM enabled.
  • A set of policies for device driver domains vs control domains.

Known Issues

  • Cannot re-apply a new policy after guests have been running.


  • Could the initial build of the Xen hypervisor include a built-in (inside .init.data) policy file?
  • Can we make policies modular? A core (perhaps built-in?) with amendments loaded later?