
Re: [PATCH v2 20/22] x86/slaunch: support EFI boot

On Tue, May 13, 2025 at 09:25:44PM -0400, Demi Marie Obenour wrote:
> On 5/13/25 1:05 PM, Sergii Dmytruk wrote:
> > When running on an EFI-enabled system, Xen needs to have access to Boot
> > Services in order to initialize itself properly and reach a state in
> > which a dom0 kernel can operate without issues.
> >
> > This means that DRTM must be started in the middle of Xen's
> > initialization process.  This effect is achieved via a callback into
> > bootloader (GRUB) which is responsible for initiating DRTM and
> > continuing Xen's initialization process.  The latter is done by
> > branching in Slaunch entry point on a flag to switch back into long mode
> > before calling the same function which Xen would execute as the next
> > step without DRTM.
>
> Depending on the bootloader for this unnecessarily ties DRTM to GRUB.
> Instead, it would be much better for Xen to be able to perform DRTM
> itself, which would allow DRTM to work without GRUB.  Pop! OS already
> uses systemd-boot and the trend seems to be from GRUB to systemd-boot.
> Furthermore, this would allow DRTM with Xen launched directly from
> the UEFI firmware.
> --
> Sincerely,
> Demi Marie Obenour (she/her/hers)

That sentence in the commit message is worth rewording.  GRUB isn't a
requirement, any TrenchBoot-enabled bootloader (or anything that wants
to act as a bootloader) can be used.  systemd-boot could implement
Secure Launch specification [0] and start Xen/Linux/something else via
DRTM.  Usage without a real bootloader could be implemented similarly
via some EFI stub that has binaries embedded into it or that can load
them from a drive.

Mind that at least Intel and AMD DRTM implementations require a DCE [1]
binary that depends on a vendor, firmware version or a CPU generation.
So even embedding all code into every kernel-like software won't produce
self-contained DRTM-capable images.

[0]: https://trenchboot.org/specifications/Secure_Launch/
[1]: https://trenchboot.org/theory/Glossary/#dynamic-configuration-environment-dce

Regards
