> On 3 May 2022, at 12:17, Daniel P. Smith <dpsm...@apertussolutions.com> wrote: > > This commit implements full support for starting the idle domain privileged by > introducing a new flask label xenboot_t which the idle domain is labeled with > at creation. It then provides the implementation for the XSM hook > xsm_set_system_active to relabel the idle domain to the existing xen_t flask > label. > > In the reference flask policy a new macro, xen_build_domain(target), is > introduced for creating policies for dom0less/hyperlaunch allowing the > hypervisor to create and assign the necessary resources for domain > construction. > > Signed-off-by: Daniel P. Smith <dpsm...@apertussolutions.com> > Reviewed-by: Jason Andryuk <jandr...@gmail.com>
Hi Daniel, I’ve built and tested the whole serie on arm, checked SILO and FLASK with builtin flask policy and I’ve tested that Dom0 is booting fine. So for me: Reviewed-by: Luca Fancellu <luca.fance...@arm.com> Tested-by: Luca Fancellu <luca.fance...@arm.com> Cheers, Luca