[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] EFI + tboot + Xen

To: Daniel Kiper <daniel.kiper@xxxxxxxxxx>
From: Rich Persaud <persaur@xxxxxxxxx>
Date: Mon, 17 Apr 2017 18:05:22 -0400
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ross Philipson <ross.philipson@xxxxxxxxx>, jbeulich@xxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Mon, 17 Apr 2017 22:05:36 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Apr 14, 2017, at 16:43, Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote:

On Fri, Apr 14, 2017 at 04:17:54PM +0100, Andrew Cooper wrote:
On 14/04/2017 15:54, Daniel Kiper wrote:
Hey,

Has anybody tried to run EFI + tboot + Xen?
I have a feeling that it does not work because
tboot shuts down EFI boot services. However,
even if it works then efibootmgr is unusable
due to lack of EFI runtime services. Do we care?
Is it possible to make it work with full blown
EFI infrastructure available for Xen?

Judging by
http://hg.code.sf.net/p/tboot/code/file/9352e6391332/tboot/common/boot.S#l83
it will be grub exiting boot services. tboot needs rather more
multiboot2 knowledge before it could participate in a hand-off to Xen
while keeping boot services active.

Sure, it is not a problem. However, I was told that it was (not) done
deliberately because we cannot trust EFI due to lack of its measurement.
I am not sure it is true or not. I though that somebody played with tboot
and Xen and has some knowledge in that area. Anyway, I will investigate
this further. However, any knowledge sharing is greatly appreciated.

On the OpenXT project, Ross Philipson has an early PoC:

https://github.com/rossphilipson/efi-tboot

From the README:

---

EFI TBOOT is mostly a proof of concept at this point. It is not currently
functional. It can be built and installed as an EFI boot loader. It only works
in conjunction with Xen at the moment. The current development work is being
done on Fedora 25 x64.

The status as of March 14, 2017 is:

- EFI TBOOT will boot, but it needs a few key strokes to get going (this is
   for debugging purposes).

- EFI TBOOT will relocate itself to EFI runtime memory and setup a shared
   runtime variable with Xen.

- EFI related configuration setup is done as well as standard TBOOT pre-
   launch configuration.

- Xen is launched and has code to call EFI TBOOT back after EBS.

- EFI TBOOT then does the SENTER successfully in the callback.

- The post launch entry point is reached but the switch back to long mode
   is not working

---

Rich

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] EFI + tboot + Xen
  - From: Ross Philipson

References:
- [Xen-devel] EFI + tboot + Xen
  - From: Daniel Kiper
- Re: [Xen-devel] EFI + tboot + Xen
  - From: Andrew Cooper
- Re: [Xen-devel] EFI + tboot + Xen
  - From: Daniel Kiper

Prev by Date: [Xen-devel] [PATCH 1/2] tools: Use POSIX poll.h instead of sys/poll.h
Next by Date: Re: [Xen-devel] [PATCH V2] tests/xen-access: Added vm_event emulation tests
Previous by thread: Re: [Xen-devel] EFI + tboot + Xen
Next by thread: Re: [Xen-devel] EFI + tboot + Xen
Index(es):
- Date
- Thread