
Re: [Xen-devel] [PATCH v4 04/14] firmware/makefile: install BIOS blob ...



On 3/14/16 5:55 PM, Anthony PERARD wrote:
> ... into the firmware directory, along with hvmloader.
> 
> Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
> ---
> Change in V4:
> - remove install of acpi dsdt table
> 
> Change in V3:
> - do not check if ROM files exist before installing, they should exist
> - change rules for dsdt_anycpu_qemu_xen.c in order to generate both .c and
>   .aml files without changing temporarily the other dsdt_*.c rules.
> ---
>  tools/firmware/Makefile | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile
> index 6cc86ce..6a37758 100644
> --- a/tools/firmware/Makefile
> +++ b/tools/firmware/Makefile
> @@ -19,6 +19,9 @@ SUBDIRS-y += hvmloader
>  
>  LD32BIT-$(CONFIG_FreeBSD) := LD32BIT_FLAG=-melf_i386_fbsd
>  
> +SEABIOS_ROM := seabios-dir/out/bios.bin
> +OVMF_ROM := ovmf-dir/ovmf.bin
> +
>  ovmf-dir:
>       GIT=$(GIT) $(XEN_ROOT)/scripts/git-checkout.sh $(OVMF_UPSTREAM_URL) 
> $(OVMF_UPSTREAM_REVISION) ovmf-dir
>       cp ovmf-makefile ovmf-dir/Makefile;
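
Review bot: the new `SEABIOS_ROM` and `OVMF_ROM` assignments hard-code paths under `seabios-dir` and `ovmf-dir` with no comment saying what they are for. A one-line comment above them, stating that these are the in-tree build outputs copied by `install` when `SEABIOS_PATH` / `OVMF_PATH` are empty, would make the dependency on the sub-build output layout explicit for whoever next changes that layout.
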
> @@ -45,6 +48,16 @@ endif
>  install: all
>       [ -d $(INST_DIR) ] || $(INSTALL_DIR) $(INST_DIR)
>       [ ! -e $(TARGET) ] || $(INSTALL_DATA) $(TARGET) $(INST_DIR)
> +ifeq ($(CONFIG_SEABIOS),y)
> +ifeq ($(SEABIOS_PATH),)
> +     $(INSTALL_DATA) $(SEABIOS_ROM) $(INST_DIR)/seabios.bin
> +endif
> +endif
> +ifeq ($(CONFIG_OVMF),y)
> +ifeq ($(OVMF_PATH),)
> +     $(INSTALL_DATA) $(OVMF_ROM) $(INST_DIR)/ovmf.bin
> +endif
> +endif
>  
>  .PHONY: clean
>  clean: subdirs-clean
> 
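
Review bot: the two new `$(INSTALL_DATA)` lines in `install` run unguarded, while the existing `$(TARGET)` line just above them is wrapped in `[ ! -e $(TARGET) ] ||`, so a missing `$(SEABIOS_ROM)` or `$(OVMF_ROM)` now makes `make install` fail. The V3 changelog says dropping the existence check is deliberate, but that note sits below the `---` and will not be part of the commit. Suggest saying in the commit message itself that a missing ROM is a hard error, and that nothing is installed when `SEABIOS_PATH` or `OVMF_PATH` is set.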

So I'm going to toss this out there but what if we don't install these
at all? We talked about reducing the scope that the Xen Security team
had to maintain. What if we just state that SeaBIOS and/or OVMF are
dependencies? All the downstream distros don't use the pre-built
binaries from Xen and build it themselves. For plain Xen users we just
add that to the list of dependencies.

I think SeaBIOS and OVMF are a lot more low risk than something like
QEMU since they have a very clear target so they're a lot more likely to
remain stable. SeaBIOS also has a fairly low level of churn, especially
on stable branches.


Just a thought.
-- 
Doug Goldstein
