Re: [Xen-devel] EFI and multiboot2 development work for Xen
On 23.10.2013 09:43, Daniel Kiper wrote:
> On Mon, Oct 21, 2013 at 11:16:24PM +0200, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>> Mail is big, I think I got your essential points but I didn't read it whole.
>> On 21.10.2013 14:57, Daniel Kiper wrote:
>>> Hi,
>>>
>>> During work on multiboot2 protocol support for Xen it was discovered
>>> that the memory map passed via the relevant tag could not represent the
>>> wide range of memory types available on EFI platforms. Additionally, the
>>> GRUB2 implementation calls ExitBootServices() on them just before jumping
>>> into the loaded image. In this situation the loaded system could not
>>> clearly identify reserved memory regions, EFI runtime services regions
>>> and others.
>>>
>> Will a multiboot2 tag with the whole EFI memory map solve your problem?
>>> Additionally, it should be mentioned that there is no possibility or it
>>> could be very difficult to implement secure boot on EFI platforms using
>>> GRUB2 as the boot loader because, as it was mentioned earlier, it calls
>>> ExitBootServices().
>>>
>> GRUB has generic support for signing kernels/modules/whatsoever using
>> GnuPG signatures. You'd just have to ship xen.sig and kernel.sig. This
>> method doesn't have any controversy associated with EFI stuff but in
>> this particular case does exactly the same thing: verify signature.
>> multiboot2 is mainly a memory structure specification so probably how the
>> files are checked is outside of its scope. But it's possible to add
>> a specification on how to embed signatures in the kernel.
>
> I think that EFI signatures should be supported because they are quite
> common right now. However, I think that it is also worth supporting
> GnuPG signatures. This way anybody will be able to choose a good solution
> for a given case.
>
Agreed.
> Daniel
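The memory-map limitation raised in the quoted message, as an added example that is not part of the thread and is not GRUB or Xen code: a constructed EFI map is converted to multiboot2 entry types, and the runtime-services ranges disappear into a single "reserved" entry. The conversion rule, the abbreviated type names, and the sample addresses are assumptions made for illustration; only the numeric type values come from the UEFI and multiboot2 specifications.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* UEFI memory types, values from the UEFI specification. */
enum { EFI_RESERVED, EFI_LOADER_CODE, EFI_LOADER_DATA, EFI_BS_CODE,
       EFI_BS_DATA, EFI_RT_CODE, EFI_RT_DATA, EFI_CONVENTIONAL,
       EFI_UNUSABLE, EFI_ACPI_RECLAIM, EFI_ACPI_NVS, EFI_MMIO };
/* multiboot2 memory map entry types, from the multiboot2 specification. */
enum { MB2_AVAILABLE = 1, MB2_RESERVED, MB2_ACPI, MB2_NVS, MB2_BADRAM };
struct efi_desc  { uint32_t type; uint64_t start, pages; };
struct mb2_entry { uint64_t addr, len; uint32_t type; };

/* Assumed conversion after ExitBootServices(): loader and boot-services
   memory is free RAM; types with no mb2 equivalent become "reserved". */
uint32_t efi_to_mb2(uint32_t t)
{
    switch (t) {
    case EFI_LOADER_CODE: case EFI_LOADER_DATA: case EFI_BS_CODE:
    case EFI_BS_DATA: case EFI_CONVENTIONAL: return MB2_AVAILABLE;
    case EFI_ACPI_RECLAIM: return MB2_ACPI;
    case EFI_ACPI_NVS:     return MB2_NVS;
    case EFI_UNUSABLE:     return MB2_BADRAM;
    default:               return MB2_RESERVED; /* runtime, MMIO, reserved */
    }
}

/* Convert a sorted EFI map, merging adjacent ranges of equal mb2 type. */
size_t convert(const struct efi_desc *in, size_t n, struct mb2_entry *out)
{
    size_t m = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t len = in[i].pages << 12;      /* EFI pages are 4 KiB */
        uint32_t type = efi_to_mb2(in[i].type);
        if (m && out[m-1].type == type && out[m-1].addr + out[m-1].len == in[i].start)
            out[m-1].len += len;
        else
            out[m++] = (struct mb2_entry){ in[i].start, len, type };
    }
    return m;
}
/* Constructed sample map, not taken from real firmware. */
const struct efi_desc sample[] = {
    { EFI_CONVENTIONAL, 0x100000, 0x100 }, { EFI_BS_DATA, 0x200000, 0x100 },
    { EFI_RT_CODE, 0x300000, 0x10 },       { EFI_RT_DATA, 0x310000, 0x10 },
    { EFI_RESERVED, 0x320000, 0x20 },      { EFI_ACPI_NVS, 0x340000, 0x10 },
};
struct mb2_entry result[6];
size_t run_sample(void) { return convert(sample, 6, result); }
int main(void) { printf("6 EFI ranges -> %zu multiboot2 entries\n", run_sample()); return 0; }
```

After conversion the loaded image sees one reserved range at 0x300000 and cannot tell which part of it must stay mapped for EFI runtime services.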