[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ImageBuilder v2] uboot-script-gen: add xen xsm policy loading support

  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
  • Date: Thu, 17 Apr 2025 11:41:09 +0300
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PMdI+/yELdSRVzE6lNEdo9rmiOpZ/LniKDkzRbSBm04=; b=jOp0Wk5EC0sUGHCykmy24t7tcynk7WoukZ9HSkEmN/cFlEqGeWxL6AsZHdJLo2juHYcZydUCjdoo6aaJzXIUyaxMzBgTqXXb96xuTTtWgvfHbrKsGA7IgaJXGkIpQUo7whaEA24cWHtR/KVAVmFFnntCNiVeffxPtCdkMz5SlSCEaJCIDFXkS6+l4HWnPKOQBHM6YC9xkHq9vB3OuzKaqQyL2JTznB2aVMUPmILPStBFJSsA86BIQtxFw+eF28zUe5E5Zq9dFyIkytYJQa+PKBwrVrGz1c+JeUIZCHQ7BqCMiggYSCSBccHLtODy1le/1WLc1+WDt2zW0NxzYxZuPQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TNelNYCMTcJzyMGM6rX5/9RktWZdF/Wi1NSF4l0QwFtchMHMNcolYWmC2TLbVpvPlSdv2wZTwF9csT5AYiCPPDVMCCGqMbEcJn1XE9mOMP3x+zBqnT1yqcd/4RboYbOs5UEMFgt/FgwZs74H1RrS4htBOL35ReC1RQ+CHqMgfib2Lm88E1JoS9yEirtMLM6JBE4wVbPt+HfGQuqL7PqPu+bBpAyOrukRlCgslTcErDtk6qojOs53QwPgvNRuiVe1zElHW3UGkIr1N3UuJmlMUShdxXW3jIyNA4AKBQkW66Nr1e2aIt1lHMz1jerlZXc/Q4jM4Hia2ydWdlhnRiizag==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Alejandro Vallejo <agarciav@xxxxxxx>
  • Delivery-date: Thu, 17 Apr 2025 08:41:18 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>


On 17.04.25 01:03, Stefano Stabellini wrote:

On Tue, 15 Apr 2025, Grygorii Strashko wrote:

From: Grygorii Strashko <grygorii_strashko@xxxxxxxx>

This patch adds Xen XSM policy loading support.

The configuration file XEN_POLICY specifies Xen hypervisor
XSM policy binary to load.

Signed-off-by: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
---
changes in v2:
- fix conditional statements for XEN_POLICY
- add XSM policy binary check

  README.md                |  2 ++
  scripts/uboot-script-gen | 34 ++++++++++++++++++++++++++++++++++
  2 files changed, 36 insertions(+)

diff --git a/README.md b/README.md
index 137abef153ce..9106d2a07302 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,8 @@ Where:
  - XEN specifies the Xen hypervisor binary to load. Note that it has to
    be a regular Xen binary, not a u-boot binary.
+- XEN_POLICY specifies the Xen hypervisor XSM policy binary to load. 
+
  - XEN_COLORS specifies the colors (cache coloring) to be used for Xen
    and is in the format startcolor-endcolor
diff --git a/scripts/uboot-script-gen b/scripts/uboot-script-gen 
index c4d26caf5e0e..208eafdecfeb 100755
--- a/scripts/uboot-script-gen
+++ b/scripts/uboot-script-gen
@@ -315,6 +315,15 @@ function xen_device_tree_editing()
      dt_set "/chosen" "#size-cells" "hex" "0x2"
      dt_set "/chosen" "xen,xen-bootargs" "str" "$XEN_CMD"
+ if test -n "$XEN_POLICY" && test "$xen_policy_addr" != "-" 
+    then
+        local node_name="xen-policy@${xen_policy_addr#0x}"
+
+        dt_mknode "/chosen" "$node_name"
+        dt_set "/chosen/$node_name" "compatible" "str_a" "xen,xsm-policy 
xen,multiboot-module multiboot,module"
+        dt_set "/chosen/$node_name" "reg" "hex" "$(split_addr_size $xen_policy_addr 
$xen_policy_size)"
+    fi
+
      if test "$DOM0_KERNEL"
      then
          local node_name="dom0@${dom0_kernel_addr#0x}"
@@ -900,6 +909,15 @@ xen_file_loading()
      kernel_addr=$memaddr
      kernel_path=$XEN
      load_file "$XEN" "host_kernel"
+
+    xen_policy_addr="-"
+    if test -n "$XEN_POLICY"
+    then
+        check_file_type "${XEN_POLICY}" "SE Linux policy"
+        xen_policy_addr=$memaddr
+        load_file "$XEN_POLICY" "xen_policy"
+        xen_policy_size=$filesize
+    fi
  }
linux_file_loading() 
@@ -939,6 +957,22 @@ bitstream_load_and_config()
create_its_file_xen() 
  {
+    if test -n "$XEN_POLICY" && test "$xen_policy_addr" != "-"
+    then
+        cat >> "$its_file" <<- EOF
+        xen_policy {
+            description = "Xen XSM policy binary";
+            data = /incbin/("$XEN_POLICY");
+            type = "kernel";


This should be "firmware". Aside from that, the patch is fine.
If you are OK with it, I can fix it on commit.



I'm ok. Thank you.

--
Best regards,
-grygorii

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.