From patchwork Mon Nov 13 15:41:18 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: George Dunlap <george.dunlap@citrix.com>
X-Patchwork-Id: 10056315
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	2763F60215 for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 13 Nov 2017 15:44:22 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 17C0929400
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 13 Nov 2017 15:44:22 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 0C78029428; Mon, 13 Nov 2017 15:44:22 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 6F9B929400
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 13 Nov 2017 15:44:21 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1eEGrm-0007vL-1O; Mon, 13 Nov 2017 15:41:42 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <prvs=483948db6=George.Dunlap@citrix.com>)
	id 1eEGrj-0007tb-W0
	for xen-devel@lists.xenproject.org; Mon, 13 Nov 2017 15:41:40 +0000
Received: from [85.158.139.211] by server-6.bemta-5.messagelabs.com id
	9B/55-02207-33DB90A5; Mon, 13 Nov 2017 15:41:39 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrAIsWRWlGSWpSXmKPExsXitHRDpK7RXs4
	ogzm/zCy+b5nM5MDocfjDFZYAxijWzLyk/IoE1oz72+6xFkyWqfi9nLOBcat4FyMnh4SAv8SV
	5TfZQGw2AT2Jece/snQxcnCICKhI3N5rABJmFljNLLHqZyBIWFjAReJ0jylImEVAVaJrD0Qnr
	4CtxLe+22wQE+UlFn/fCWZzCthJXPyykgnEFgKq+bBuJjuErSqx+MFRdoheQYmTM5+wQKySkD
	j44gXzBEbeWUhSs5CkFjAyrWLUKE4tKkst0jU00EsqykzPKMlNzMwB8kz1clOLixPTU3MSk4r
	1kvNzNzECw4YBCHYwrpnqfIhRkoNJSZRX5TN7lBBfUn5KZUZicUZ8UWlOavEhRhkODiUJ3sY9
	nFFCgkWp6akVaZk5wACGSUtw8CiJ8O7ZDZTmLS5IzC3OTIdInWK05zi26fIfJo4fk64AyWczX
	zcwc0y72trELMSSl5+XKiXOqwQyVQCkLaM0D24oLOIuMcpKCfMyAp0pxFOQWpSbWYIq/4pRnI
	NRSZg3HGQKT2ZeCdzuV0BnMQGdJQXyEW9xSSJCSqqBUeW7klfymmeJTIlL7rfVfXxWaHJOoyz
	nfPoeRl+uqAzzu5N6XlgzbWwWWn5J+dr0410W+/SPbVqVOSPiylHfJT81tToOh2exe6x2aN7Q
	L8PhWdliXldftGOb+pHAfa8/rtBs+bOrbt+jwy2v17XVJRndX327etVZt7IeBtd0Gc1Oxb8Vp
	ZsSlFiKMxINtZiLihMB6V7gALMCAAA=
X-Env-Sender: prvs=483948db6=George.Dunlap@citrix.com
X-Msg-Ref: server-9.tower-206.messagelabs.com!1510587696!107101553!1
X-Originating-IP: [66.165.176.89]
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
	VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n,
	received_headers: No Received headers
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 15670 invoked from network); 13 Nov 2017 15:41:38 -0000
Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89)
	by server-9.tower-206.messagelabs.com with RC4-SHA encrypted SMTP;
	13 Nov 2017 15:41:38 -0000
X-IronPort-AV: E=Sophos;i="5.44,389,1505779200"; d="scan'208";a="451509077"
From: George Dunlap <george.dunlap@citrix.com>
To: <xen-devel@lists.xenproject.org>
Date: Mon, 13 Nov 2017 15:41:18 +0000
Message-ID: <20171113154126.13038-8-george.dunlap@citrix.com>
X-Mailer: git-send-email 2.15.0
In-Reply-To: <20171113154126.13038-1-george.dunlap@citrix.com>
References: <20171113154126.13038-1-george.dunlap@citrix.com>
MIME-Version: 1.0
Cc: Stefano Stabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>, Konrad Wilk <konrad.wilk@oracle.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>, Tim Deegan <tim@xen.org>,
	George Dunlap <george.dunlap@citrix.com>,
	Paul Durrant <paul.durrant@citrix.com>, Jan Beulich <jbeulich@suse.com>,
	Anthony Perard <anthony.perard@citrix.com>,
	Ian Jackson <ian.jackson@citrix.com>,
	Roger Pau Monne <roger.pau@citrix.com>
Subject: [Xen-devel] [PATCH 08/16] SUPPORT.md: Add x86-specific virtual
	hardware
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

x86-specific virtual hardware provided by the hypervisor, toolstack,
or QEMU.

Signed-off-by: George Dunlap <george.dunlap@citrix.com>
---
Added emulated QEMU support, to replace docs/misc/qemu-xen-security.

Need to figure out what to do with the "backing storage image format"
section of that document.

CC: Ian Jackson <ian.jackson@citrix.com>
CC: Wei Liu <wei.liu2@citrix.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Konrad Wilk <konrad.wilk@oracle.com>
CC: Tim Deegan <tim@xen.org>
CC: Roger Pau Monne <roger.pau@citrix.com>
CC: Anthony Perard <anthony.perard@citrix.com>
CC: Paul Durrant <paul.durrant@citrix.com>
---
 SUPPORT.md | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 106 insertions(+)

diff --git a/SUPPORT.md b/SUPPORT.md
index 20c58377a5..b95ee0ebe7 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -376,6 +376,112 @@ there is currently no xl support.
 
     Status: Supported
 
+## Virtual Hardware, Hypervisor
+
+### x86/Nested PV
+
+    Status, x86 HVM: Tech Preview
+
+This means running a Xen hypervisor inside an HVM domain,
+with support for PV L2 guests only
+(i.e., hardware virtualization extensions not provided
+to the guest).
+
+This works, but has performance limitations
+because the L1 dom0 can only access emulated L1 devices.
+
+### x86/Nested HVM
+
+    Status, x86 HVM: Experimental
+
+This means running a Xen hypervisor inside an HVM domain,
+with support for running both PV and HVM L2 guests
+(i.e., hardware virtualization extensions provided
+to the guest).
+
+### x86/Advanced Vector eXtension
+
+    Status: Supported
+
+### vPMU
+
+    Status, x86: Supported, Not security supported
+
+Virtual Performance Management Unit for HVM guests
+
+Disabled by default (enable with hypervisor command line option).
+This feature is not security supported: see http://xenbits.xen.org/xsa/advisory-163.html
+
+## Virtual Hardware, QEMU
+
+These are devices available in HVM mode using a qemu devicemodel (the default).
+Note that other devices are available but not security supported.
+
+### x86/Emulated platform devices (QEMU):
+
+    Status, piix3: Supported
+
+### x86/Emulated network (QEMU):
+
+    Status, e1000: Supported
+    Status, rtl8193: Supported
+    Status, virtio-net: Supported
+
+### x86/Emulated storage (QEMU):
+
+    Status, piix3 ide: Supported
+    Status, ahci: Supported
+
+### x86/Emulated graphics (QEMU):
+
+    Status, cirrus-vga: Supported
+    Status, stgvga: Supported
+
+### x86/Emulated audio (QEMU):
+
+    Status, sb16: Supported
+    Status, es1370: Supported
+    Status, ac97: Supported
+
+### x86/Emulated input (QEMU):
+
+    Status, usbmouse: Supported
+    Status, usbtablet: Supported
+    Status, ps/2 keyboard: Supported
+    Status, ps/2 mouse: Supported
+    
+### x86/Emulated serial card (QEMU):
+
+    Status, UART 16550A: Supported
+
+### x86/Host USB passthrough (QEMU):
+
+    Status: Supported, not security supported 
+
+## Virtual Firmware
+
+### x86/HVM iPXE
+
+    Status: Supported, with caveats
+
+Booting a guest via PXE.
+PXE inherently places full trust of the guest in the network,
+and so should only be used
+when the guest network is under the same administrative control
+as the guest itself.
+
+### x86/HVM BIOS
+
+    Status: Supported
+
+Booting a guest via guest BIOS firmware
+
+### x86/HVM EFI
+
+    Status: Supported
+
+Booting a guest via guest EFI firmware
+
 # Format and definitions
 
 This file contains prose, and machine-readable fragments.