Xen project Mailing List

Re: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS

From: Daniel Kiper <daniel.kiper@xxxxxxxxxx>

Date: Tue, 24 Oct 2017 22:08:26 +0200

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Tue, 24 Oct 2017 20:08:52 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote: > The EFI multiboot2 entry point currently requires EFI BootServices to > not have been exited however the header currently tells the boot > loader that Xen optionally supports EFI BootServices having been exited. > With this change Xen properly advertises that EFI must not be exited > allowing the boot loader to report an error that it cannot boot Xen if > it is unable to meet its needs. > > Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx> > --- > > This should likely be applied against Xen 4.9 and Xen 4.10 as well as > staging. I am trying to get multiboot2 support for iPXE and upstream > is concerned that leaving EFI BootServices enabled will not be > compatible with their aims to support Secure Boot. So when I build Hmmm... What are exact arguments for that? How do they implement e.g. chain loading then? What about the shim support? > my iPXE without support for passing on Boot Services, Xen will be > loaded by iPXE but then it will fall down with "ERR: Bootloader > shutdown EFI x64 boot services!" implying that this is required. By > having Xen expose in its header that its required it allows me to > handle the situation gracefully in iPXE. > > To quote the multiboot2 spec exact: > > "This tag indicates that payload supports starting without terminating > boot services." > > Unfortunately the spec is a bit vague and how I am reading it is: > - no tag = exit boot services in the boot loader > - tag present marked optional = boot loader can or cannot exit boot services > - tag present marked required = boot loader cannot exit boot services NACK, please take a look at section 3.1.4, Multiboot2 information request in Multiboot2 spec. OPTIONAL/REQUIRED has different meaning for the bootloader than you think. > In the future I would like to add support to Xen to allow it to run > without boot services but presently that support isn't there. I tried that. This is difficult but not impossible. Hmmm... IIRC, some things are impossible. Please take a look at efi_multiboot2() and you quickly will know. Though why not try again. Daniel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.