[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 04/14] firmware/makefile: install BIOS blob ...

On Mon, 18 Apr 2016, Doug Goldstein wrote:
> On 3/14/16 5:55 PM, Anthony PERARD wrote:
> > ... into the firmware directory, along with hvmloader.
> > 
> > Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
> > ---
> > Change in V4:
> > - remove install of acpi dsdt table
> > 
> > Change in V3:
> > - do not check if ROMs file exist before installing, they should exist
> > - change rules for dsdt_anycpu_qemu_xen.c in oder to generate both .c and
> >   .aml files without changing temporarly the other dsdt_*.c rules.
> > ---
> >  tools/firmware/Makefile | 13 +++++++++++++
> >  1 file changed, 13 insertions(+)
> > 
> > diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile
> > index 6cc86ce..6a37758 100644
> > --- a/tools/firmware/Makefile
> > +++ b/tools/firmware/Makefile
> > @@ -19,6 +19,9 @@ SUBDIRS-y += hvmloader
> >  
> >  LD32BIT-$(CONFIG_FreeBSD) := LD32BIT_FLAG=-melf_i386_fbsd
> >  
> > +SEABIOS_ROM := seabios-dir/out/bios.bin
> > +OVMF_ROM := ovmf-dir/ovmf.bin
> > +
> >  ovmf-dir:
> >     GIT=$(GIT) $(XEN_ROOT)/scripts/git-checkout.sh $(OVMF_UPSTREAM_URL) 
> > $(OVMF_UPSTREAM_REVISION) ovmf-dir
> >     cp ovmf-makefile ovmf-dir/Makefile;
> > @@ -45,6 +48,16 @@ endif
> >  install: all
> >     [ -d $(INST_DIR) ] || $(INSTALL_DIR) $(INST_DIR)
> >     [ ! -e $(TARGET) ] || $(INSTALL_DATA) $(TARGET) $(INST_DIR)
> > +ifeq ($(CONFIG_SEABIOS),y)
> > +ifeq ($(SEABIOS_PATH),)
> > +   $(INSTALL_DATA) $(SEABIOS_ROM) $(INST_DIR)/seabios.bin
> > +endif
> > +endif
> > +ifeq ($(CONFIG_OVMF),y)
> > +ifeq ($(OVMF_PATH),)
> > +   $(INSTALL_DATA) $(OVMF_ROM) $(INST_DIR)/ovmf.bin
> > +endif
> > +endif
> >  
> >  .PHONY: clean
> >  clean: subdirs-clean
> > 
> 
> So I'm going to toss this out there but what if we don't install these
> at all? We talked about reducing the scope that the Xen Security team
> had to maintain. What if we just state that SeaBIOS and/or OVMF are
> dependencies? All the downstream distros don't use the pre-built
> binaries from Xen and build it themselves. For plain Xen users we just
> add that to the list of dependencies.
> 
> I think SeaBIOS and OVMF are a lot more low risk than something like
> QEMU since they have a very clear target so they're a lot more likely to
> remain stable. SeaBIOS also has a fairly low level of churn, especially
> on stable branches.
 
Just to add to your argument, Raisin already supports both SeaBIOS and
OVMF. That's another way for users to build them if they want to.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.