Xen project Mailing List

Re: [ImageBuilder v2] uboot-script-gen: add xen xsm policy loading support

To: Grygorii Strashko <grygorii_strashko@xxxxxxxx>

From: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Date: Wed, 16 Apr 2025 15:03:44 -0700 (PDT)

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Alejandro Vallejo <agarciav@xxxxxxx>

Delivery-date: Wed, 16 Apr 2025 22:03:58 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, 15 Apr 2025, Grygorii Strashko wrote: > From: Grygorii Strashko <grygorii_strashko@xxxxxxxx> > > This patch adds Xen XSM policy loading support. > > The configuration file XEN_POLICY specifies Xen hypervisor > XSM policy binary to load. > > Signed-off-by: Grygorii Strashko <grygorii_strashko@xxxxxxxx> > --- > changes in v2: > - fix conditional statements for XEN_POLICY > - add XSM policy binary check > > README.md | 2 ++ > scripts/uboot-script-gen | 34 ++++++++++++++++++++++++++++++++++ > 2 files changed, 36 insertions(+) > > diff --git a/README.md b/README.md > index 137abef153ce..9106d2a07302 100644 > --- a/README.md > +++ b/README.md > @@ -91,6 +91,8 @@ Where: > - XEN specifies the Xen hypervisor binary to load. Note that it has to > be a regular Xen binary, not a u-boot binary. > > +- XEN_POLICY specifies the Xen hypervisor XSM policy binary to load. > + > - XEN_COLORS specifies the colors (cache coloring) to be used for Xen > and is in the format startcolor-endcolor > > diff --git a/scripts/uboot-script-gen b/scripts/uboot-script-gen > index c4d26caf5e0e..208eafdecfeb 100755 > --- a/scripts/uboot-script-gen > +++ b/scripts/uboot-script-gen > @@ -315,6 +315,15 @@ function xen_device_tree_editing() > dt_set "/chosen" "#size-cells" "hex" "0x2" > dt_set "/chosen" "xen,xen-bootargs" "str" "$XEN_CMD" > > + if test -n "$XEN_POLICY" && test "$xen_policy_addr" != "-" > + then > + local node_name="xen-policy@${xen_policy_addr#0x}" > + > + dt_mknode "/chosen" "$node_name" > + dt_set "/chosen/$node_name" "compatible" "str_a" "xen,xsm-policy > xen,multiboot-module multiboot,module" > + dt_set "/chosen/$node_name" "reg" "hex" "$(split_addr_size > $xen_policy_addr $xen_policy_size)" > + fi > + > if test "$DOM0_KERNEL" > then > local node_name="dom0@${dom0_kernel_addr#0x}" > @@ -900,6 +909,15 @@ xen_file_loading() > kernel_addr=$memaddr > kernel_path=$XEN > load_file "$XEN" "host_kernel" > + > + xen_policy_addr="-" > + if test -n "$XEN_POLICY" > + then > + check_file_type "${XEN_POLICY}" "SE Linux policy" > + xen_policy_addr=$memaddr > + load_file "$XEN_POLICY" "xen_policy" > + xen_policy_size=$filesize > + fi > } > > linux_file_loading() > @@ -939,6 +957,22 @@ bitstream_load_and_config() > > create_its_file_xen() > { > + if test -n "$XEN_POLICY" && test "$xen_policy_addr" != "-" > + then > + cat >> "$its_file" <<- EOF > + xen_policy { > + description = "Xen XSM policy binary"; > + data = /incbin/("$XEN_POLICY"); > + type = "kernel"; This should be "firmware". Aside from that, the patch is fine. If you are OK with it, I can fix it on commit. > + arch = "arm64"; > + os = "linux"; > + compression = "none"; > + load = <$xen_policy_addr>; > + $fit_algo > + }; > + EOF > + fi > + > if test "$DOM0_KERNEL" > then > if test "$ramdisk_addr" != "-" > -- > 2.34.1 >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.