[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2 0/8] Change xen.efi build and add SHIM_LOCK verification into efi_multiboot2()

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Daniel Kiper <daniel.kiper@xxxxxxxxxx>
Date: Tue, 19 Jun 2018 16:35:38 +0200
Cc: sstabellini@xxxxxxxxxx, wei.liu2@xxxxxxxxxx, george.dunlap@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, tim@xxxxxxx, julien.grall@xxxxxxx, jbeulich@xxxxxxxx, tamas.k.lengyel@xxxxxxxxx
Delivery-date: Tue, 19 Jun 2018 14:36:45 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hey,

As in subject... This way we get:
  - one binary which can be loaded by the UEFI loader, Multiboot and
    Multiboot2 protocols,
  - UEFI secure boot support when Xen is loaded via Multiboot2 protocol,
  - if we wish, in the future we can drop xen/xen.gz and build
    xen.efi only,
  - crash dumps generated by the xen.efi loaded from the EFI loader
    can be analyzed by crash tool,
  - simpler code,
  - simpler build,
  - Xen build will no longer depend on ld i386pep support.

This patch series functionality does not depend on any GRUB2 changes.
So, review can commence without any obstacles. Though the GRUB2 have
to be changed to provide full verification chain. This will be
discussed in separate thread.

Daniel

 xen/Makefile                    |   26 +++---
 xen/arch/arm/efi/efi-boot.h     |    4 -
 xen/arch/x86/Makefile           |   88 +-------------------
 xen/arch/x86/Rules.mk           |    2 +
 xen/arch/x86/boot/head.S        |  205 
+++++++++++++++++++++++++++++++++++++++++++--
 xen/arch/x86/efi/Makefile       |   17 +---
 xen/arch/x86/efi/buildid.ihex   |    3 -
 xen/arch/x86/efi/check.c        |    4 -
 xen/arch/x86/efi/efi-boot.h     |   84 ++++---------------
 xen/arch/x86/efi/mkreloc.c      |  384 
------------------------------------------------------------------------------------
 xen/arch/x86/efi/relocs-dummy.S |   11 ---
 xen/arch/x86/efi/stub.c         |   83 ------------------
 xen/arch/x86/xen.lds.S          |   95 ++++++---------------
 xen/common/efi/boot.c           |   21 +++--
 xen/common/version.c            |   51 ------------
 xen/include/xen/compile.h.in    |    1 +
 16 files changed, 277 insertions(+), 802 deletions(-)

Daniel Kiper (8):
      xen: calculate XEN_BUILD_TIME using XEN_BUILD_DATE value
      xen: introduce XEN_COMPILE_POSIX_TIME
      xen/x86: manually build xen.mb.efi binary
      xen/x86: add some addresses to the Multiboot header
      xen/x86: add some addresses to the Multiboot2 header
      efi: split out efi_shim_lock()
      xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in 
efi_multiboot2()
      efi: drop original xen.efi code and build mechanism


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH v2 8/8] efi: drop original xen.efi code and build mechanism
  - From: Daniel Kiper
- [Xen-devel] [PATCH v2 7/8] xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2()
  - From: Daniel Kiper
- [Xen-devel] [PATCH v2 2/8] xen: introduce XEN_COMPILE_POSIX_TIME
  - From: Daniel Kiper
- [Xen-devel] [PATCH v2 6/8] efi: split out efi_shim_lock()
  - From: Daniel Kiper
- [Xen-devel] [PATCH v2 5/8] xen/x86: add some addresses to the Multiboot2 header
  - From: Daniel Kiper
- [Xen-devel] [PATCH v2 1/8] xen: calculate XEN_BUILD_TIME using XEN_BUILD_DATE value
  - From: Daniel Kiper
- [Xen-devel] [PATCH v2 4/8] xen/x86: add some addresses to the Multiboot header
  - From: Daniel Kiper
- [Xen-devel] [PATCH v2 3/8] xen/x86: manually build xen.mb.efi binary
  - From: Daniel Kiper

Prev by Date: Re: [Xen-devel] [PATCH v2] x86/mm: Add mem access rights to NPT
Next by Date: [Xen-devel] [PATCH v2 3/8] xen/x86: manually build xen.mb.efi binary
Previous by thread: [Xen-devel] [PATCH 1/1] build: remove stray .*.d2 files during clean/distclean
Next by thread: [Xen-devel] [PATCH v2 3/8] xen/x86: manually build xen.mb.efi binary
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.