Hey all, We would like to start a working group for secure boot support in Xen to coordinate the various interested parties and set out a plan for the feature and its implications for the whole Xen system.
The end goal is a full implementation that restricts the interfaces dom0 has to affect Xen, akin to Linux's lockdown LSM. This implicates important parts of the ABI (e.g., /dev/xen/privcmd/) and so will require input from the greater community. I'm not familiar with how working groups function in the Xen project, so this email also opens the floor for suggestions as to how this might be managed. We'd love to hear from anyone interested in such a group and how the community as a whole feels about such an effort. Best regards. --- Bobby Eshleman SE at Vates SAS
