Running XSM-enabled Xen
Switching from a regular Xen deployment to an XSM-enabled Xen deployment is a matter of rebuilding Xen with XSM support and rebooting the system. Xen comes with an out-of-the-box policy that can be readily applied, which we will use as part of our XSM endeavor.
Rebuilding Xen with XSM support
Let's rebuild the Xen hypervisor and tools on the system with XSM support:
- Clean up the previous build by running the
make clean
command inside thebuild
directory (xen-4.13.1
in our example):$ make clean
- Inside the
build
directory, go to thexen
directory:$ cd xen
- Launch the Xen configuration using
make menuconfig
:$ make menuconfig
- Navigate to the XSM setting and enable the XSM-related parameters:
Common Features ---> [*] Xen Security Modules support [*] FLux Advanced Security Kernel support [*] Compile Xen with a built-in FLAS security ...