[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: xen/arm: attaching block devices under EFI

To: Benjamin Mordaunt <crawford.benjamin15@xxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Thu, 20 Oct 2022 19:54:58 +0100
Cc: "xen-users@xxxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 20 Oct 2022 18:55:37 +0000
List-id: Xen user discussion <xen-users.lists.xenproject.org>

(+ Stefano)

Hi Benjamin,


On 08/10/2022 18:55, Benjamin Mordaunt wrote:

Following my previous chat with Julien, I'm assuming the flow:

U-Boot -> Xen -> EFI (for guest) -> GRUB -> Ubuntu

is not really possible - there is no chain of trust for secure boot,
and EFI information from the underlying firmware is lost (i.e. what EFI
information would Xen present to the guest's GRUB?)

Good question. Today, Xen is not directly involved with for UEFI in theguest. Instead, we are booting EDK2 as if it were an OS. EDK2, will thenexpose UEFI to GRUB.

I know that Stefano is working on exposing a TPM to the guest. Maybethat could help you in this situation?


So I'm now investigating a full EFI+arm stack, but some things are still
not clear. I'm following the information presented in [1], but can't see
how you dedicate block devices to a particular domain, like you can with
a standard xl.cfg configuration. Let's take a DomU DT entry from [1] as
an example:

domU1 {
     #size-cells = <0x1>;
     #address-cells = <0x1>;
     compatible = "xen,domain";
     cpus = <0x1>;
     memory = <0x0 0xc0000>;
     vpl011;

     module@1 {
         compatible = "multiboot,kernel", "multiboot,module";
        xen,uefi-binary = "Image-domu1.bin";
        bootargs = "console=ttyAMA0 root=/dev/ram0 rw":
     };
};

So, what if I have a Linux image in some filesystem image somewhere, (I
imagine in the Dom0 rootfs or more ideally in an LVM volume) that
contains an EFI GRUB2 image that I want to boot into? I see no reference
to a "disk" option, as you would write into a traditional Xen config
file?

This example above will boot a guest from Xen directly (rather thandom0). If you were to boot the guest from dom0 (e.g. by using xl), thenyou could specificy the disk in xl.cfg.

The next release of Xen will also allow you to assign PV device (likethe block) to domain created by Xen. However, I am not sure whether EDK2will be able to cope with it because the block disk will be attachedlater. I have added Stefano who worked on the feature and may be able toprovide more details.


Cheers,

--
Julien Grall

References:
- PvGRUB2 on Arm64?
  - From: Benjamin Mordaunt
- Re: PvGRUB2 on Arm64?
  - From: Juergen Gross
- Re: PvGRUB2 on Arm64?
  - From: Benjamin Mordaunt
- Re: PvGRUB2 on Arm64?
  - From: Julien Grall
- RE: PvGRUB2 on Arm64?
  - From: Benjamin Mordaunt
- Re: PvGRUB2 on Arm64?
  - From: Julien Grall
- Re: PvGRUB2 on Arm64?
  - From: Benjamin Mordaunt
- xen/arm: attaching block devices under EFI
  - From: Benjamin Mordaunt

Prev by Date: Shared memory between DomU and Dom0
Next by Date: Re: xen/arm: attaching block devices under EFI
Previous by thread: Re: xen/arm: attaching block devices under EFI
Next by thread: Re: PvGRUB2 on Arm64?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.