[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] EFI and multiboot2 devlopment work for Xen

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Date: Mon, 21 Oct 2013 10:23:47 -0400
Cc: grub-devel@xxxxxxx, keir@xxxxxxx, david.woodhouse@xxxxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, Daniel Kiper <daniel.kiper@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, pjones@xxxxxxxxxx, ross.philipson@xxxxxxxxxx, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, boris.ostrovsky@xxxxxxxxxx, richard.l.maliszewski@xxxxxxxxx, ian.campbell@xxxxxxxxxx
Delivery-date: Mon, 21 Oct 2013 14:25:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, Oct 21, 2013 at 02:36:38PM +0100, Jan Beulich wrote:
> >>> On 21.10.13 at 14:57, Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote:
> 
> (Looking at the Cc list it's quite interesting that you copied a
> whole lot of people, but not me as the maintainer of the EFI
> bits in Xen.)

I see this:

From: Daniel Kiper <daniel.kiper@xxxxxxxxxx>
To: boris.ostrovsky@xxxxxxxxxx, david.woodhouse@xxxxxxxxx,
        ian.campbell@xxxxxxxxxx, jbeulich@xxxxxxxx, keir@xxxxxxx,


You are on the 'To' instead of the 'CC'. That should make the email
arrive at your mailbox much quicker than through the mailing list?

> 
> > Separate multiboot2efi module should be established. It should verify system
> > kernel and all loaded modules using shim on EFI platforms with enabled 
> > secure boot
> 
> Each involved component verifies only the next image. I.e. the
> shim verifies the Xen image, and Xen verifies the Dom0 kernel
> binary. The Dom0 kernel (assuming it to be Linux) will then be
> responsible for dealing with its initrd. (One open question is how
> Xen ought to deal with an eventual XSM module; I take it that
> the CPUs themselves take care of the microcode blob.) This can't
> be different because the shim provided verification protocol
> assumes that it's being handed a PE image (hence the need for
> Linux to package itself as a fake PE image), and hence can't be
> used for verifying other than the Xen and Dom0 kernel binaries.
> 
> > At first I am going to prepare multiboot2 protocol implementation for Xen 
> > (there
> > is about 80% of code ready) with above mentioned workaround.
> 
> Is that really worthwhile as long as it's not clear whether ...
> 
> > Later I am going to work on multiboot2efi module.
> 
> ... is going to be accepted?
> 
> > What do you think about that?
> > Any comments, suggestions, objections?
> 
> The complications here make it pretty clear to me that the
> GrUB2-less solution (or, if GruB2 absolutely has to be involved,
> its chain loading capability) I have been advocating continues
> to be the better (and, as said before, conceptually correct)
> model.

However my understanding is that the general distro approach is
to use GRUB2 and I think we want to follow the mainstream on this.
Which means using GRUB2 and making sense of the myrid of patches
that each distro has.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] EFI and multiboot2 devlopment work for Xen
  - From: Jan Beulich

References:
- [Xen-devel] EFI and multiboot2 devlopment work for Xen
  - From: Daniel Kiper
- Re: [Xen-devel] EFI and multiboot2 devlopment work for Xen
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] BUG: bad page map under Xen
Next by Date: Re: [Xen-devel] BUG: bad page map under Xen
Previous by thread: Re: [Xen-devel] EFI and multiboot2 devlopment work for Xen
Next by thread: Re: [Xen-devel] EFI and multiboot2 devlopment work for Xen
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.