Patch 1: Restrict the privcmd driver in unprivileged domU to only allow hypercalls targeting a specific domain obtained from Xenstore, preventing secure boot bypass. Patch 2: Unregister the xenstore notifier on module exit to clean up resources added by patch 1. Patch 3: Add an unrestricted boot parameter to optionally allow all hypercalls when secure boot is not active, guarded by a new lockdown reason. GuoHan Zhao (1): xen/privcmd: unregister xenstore notifier on module exit Juergen Gross (2): xen/privcmd: restrict usage in unprivileged domU xen/privcmd: add boot control for restricted usage in domU drivers/xen/privcmd.c | 78 +++++++++++++++++++++++++++++++++++++--- include/linux/security.h | 1 + security/security.c | 1 + 3 files changed, 75 insertions(+), 5 deletions(-) -- 2.22.0