From: Daniel Kiper <daniel.kiper@oracle.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: jbeulich@suse.com, xen-devel@lists.xen.org
Subject: Re: EFI + tboot + Xen
Date: Fri, 14 Apr 2017 22:43:29 +0200 [thread overview]
Message-ID: <20170414204329.GV16658@olila.local.net-space.pl> (raw)
In-Reply-To: <9e3afa8c-e00d-64e0-61c8-9d6166cf797b@citrix.com>
On Fri, Apr 14, 2017 at 04:17:54PM +0100, Andrew Cooper wrote:
> On 14/04/2017 15:54, Daniel Kiper wrote:
> > Hey,
> >
> > Has anybody tried to run EFI + tboot + Xen?
> > I have a feeling that it does not work because
> > tboot shuts down EFI boot services. However,
> > even if it works then efibootmgr is unusable
> > due to lack of EFI runtime services. Do we care?
> > Is it possible to make it work with full blown
> > EFI infrastructure available for Xen?
>
> Judging by
> http://hg.code.sf.net/p/tboot/code/file/9352e6391332/tboot/common/boot.S#l83
> it will be grub exiting boot services. tboot needs rather more
> multiboot2 knowledge before it could participate in a hand-off to Xen
> while keeping boot services active.
Sure, it is not a problem. However, I was told that it was (not) done
deliberately because we cannot trust EFI due to lack of its measurement.
I am not sure it is true or not. I though that somebody played with tboot
and Xen and has some knowledge in that area. Anyway, I will investigate
this further. However, any knowledge sharing is greatly appreciated.
Daniel
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-04-14 20:43 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-14 14:54 EFI + tboot + Xen Daniel Kiper
2017-04-14 15:17 ` Andrew Cooper
2017-04-14 20:43 ` Daniel Kiper [this message]
2017-04-17 22:05 ` Rich Persaud
2017-04-25 14:39 ` Ross Philipson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170414204329.GV16658@olila.local.net-space.pl \
--to=daniel.kiper@oracle.com \
--cc=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.