|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] (pv)?grub and PVHv2
On Mon, Jun 5, 2017 at 1:08 PM, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote: > On 05/06/17 11:55, George Dunlap wrote: >> On Fri, Jun 2, 2017 at 10:58 AM, Roger Pau Monné <roger.pau@xxxxxxxxxx> >> wrote: >>> On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote: >>>> Hi, >>>> >>>> Is there any method to boot PVHv2 domain using a kernel fetched from >>>> that domain's disk image, _without_ mounting it in dom0? Something like >>>> pvgrub was for PV. >>> Hello, >>> >>> Anthony (Cced) is working on an OVMF port, so it can be used as >>> firmware for PVHv2 guests. >> I think in theory it shouldn't be too hard to port the pvgrub2 code to >> boot into PVH, since it already boots in PV, right? >> >> Is this something we should try to encourage, or do you think it would >> be better to route everyone through EFI? > > Even a PVH pvgrub still suffers the a priori problem which makes booting > PV guests extremely difficult. You don't know ahead-of-time which > bootloader the guest is using without peering at its disks, which opens > a massive attack surface in dom0. > > Using things like EFI allows any compatible OS to function, not just > ones which use grub. I wasn't suggesting loading the grub bootloader off the disk image; I was suggesting using a fixed pvgrub supplied by the host. That's what happens for PV guests using pvgrub at the moment. Using pvgrub allows any grub-compatible OS to function; using EFI allows any EFI-compatible OS to function. There are many which would be one but not the other. (But I suppose, there would not be many that were both PVH compatible and not EFI compatible.) -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |