From: Bobby Eshleman <bobbyeshleman@gmail.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: michal.zygowski@3mdeb.com, Daniel Kiper <daniel.kiper@oracle.com>,
krystian.hebel@3mdeb.com, Jan Beulich <jbeulich@suse.com>,
xen-devel@lists.xenproject.org, olivier.lambert@vates.fr,
piotr.krol@3mdeb.com
Subject: Re: [RFC] UEFI Secure Boot on Xen Hosts
Date: Tue, 5 May 2020 16:58:33 -0500 [thread overview]
Message-ID: <20200505215833.GB301373@piano> (raw)
In-Reply-To: <CAMj1kXF1vRtqbGS-eptB682h1xJ8LYQi74YaTZgM1nyYcpFsYA@mail.gmail.com>
On Thu, Apr 30, 2020 at 01:41:12PM +0200, Ard Biesheuvel wrote:
> On Thu, 30 Apr 2020 at 13:15, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> > Anyway, the advantage of this new protocol is that it uses UEFI API to
> > load and execute PE kernel and its modules. This means that it will be
> > architecture independent. However, IIRC, if we want to add new modules
> > types to the Xen then we have to teach all bootloaders in the wild about
> > new GUIDs. Ard, am I correct?
> >
>
> Well, if you are passing multiple files that are not interchangeable,
> each bootloader will need to do something, right? It could be another
> GUID, or we could extend the initrd media device path to take
> discriminators.
>
> So today, we have
>
> VendorMedia(5568e427-68fc-4f3d-ac74-ca555231cc68)
>
> which identifies /the/ initrd on Linux. As long as this keeps working
> as intended, I have no objections extending this to
>
> VendorMedia(5568e427-68fc-4f3d-ac74-ca555231cc68)/File(...)
>
> etc, if we can agree that omitting the File() part means the unnamed
> initrd, and that L"initrd" is reserved as a file name. That way, you
> can choose any abstract file name you want, but please note that the
> loader still needs to provide some kind of mapping of how these
> abstract file names relate to actual files selected by the user.
This seems reasonable to me and I can't think of any good reason right
now, if we go down this path, to not just extend the initrd media device
path (as opposed to creating one that is Xen-specific). It definitely
beats having a GUID per boot module since the number of modules changes
per Xen deployment, so there would need to be some range of GUIDs
representing modules specifically for Xen, and some rules as to how they
are mapped to real files.
It does seem simpler to ask the loader for "dom0's kernel" or "dom1's
initrd" and to have the loader use these references to grab real files.
> One thing to keep in mind, though, is that this protocol goes away
> after ExitBootServices().
>
Roger that.
Thanks,
-Bobby
next prev parent reply other threads:[~2020-05-05 21:59 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-29 22:51 [RFC] UEFI Secure Boot on Xen Hosts Bobby Eshleman
2020-04-30 7:01 ` Jan Beulich
2020-04-30 11:15 ` Daniel Kiper
2020-04-30 11:41 ` Ard Biesheuvel
2020-05-05 21:58 ` Bobby Eshleman [this message]
2020-05-06 6:58 ` Ard Biesheuvel
2020-04-30 22:27 ` Marek Marczykowski-Górecki
2020-04-30 22:42 ` Christopher Clark
2020-05-01 11:59 ` Daniel Kiper
2020-05-01 12:42 ` Marek Marczykowski-Górecki
2020-05-19 23:39 ` Bobby Eshleman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200505215833.GB301373@piano \
--to=bobbyeshleman@gmail.com \
--cc=ardb@kernel.org \
--cc=daniel.kiper@oracle.com \
--cc=jbeulich@suse.com \
--cc=krystian.hebel@3mdeb.com \
--cc=michal.zygowski@3mdeb.com \
--cc=olivier.lambert@vates.fr \
--cc=piotr.krol@3mdeb.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.