Xen project Mailing List

Re: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS

To: Daniel Kiper <daniel.kiper@xxxxxxxxxx>

From: Doug Goldstein <cardoe@xxxxxxxxxx>

Date: Tue, 24 Oct 2017 15:28:52 -0500

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Tue, 24 Oct 2017 20:29:05 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 10/24/17 3:08 PM, Daniel Kiper wrote: > On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote: >> The EFI multiboot2 entry point currently requires EFI BootServices to >> not have been exited however the header currently tells the boot >> loader that Xen optionally supports EFI BootServices having been exited. >> With this change Xen properly advertises that EFI must not be exited >> allowing the boot loader to report an error that it cannot boot Xen if >> it is unable to meet its needs. >> >> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx> >> --- >> >> This should likely be applied against Xen 4.9 and Xen 4.10 as well as >> staging. I am trying to get multiboot2 support for iPXE and upstream >> is concerned that leaving EFI BootServices enabled will not be >> compatible with their aims to support Secure Boot. So when I build > > Hmmm... What are exact arguments for that? How do they implement e.g. > chain loading then? What about the shim support? Look they have concerns about it. As we've talked about this in the past and I encourage you communicate with them. You are the author of the multiboot2 spec. I'm just trying to do my best to PXE boot Xen on EFI systems and make all upstreams (Xen & iPXE) happy. >> >> Unfortunately the spec is a bit vague and how I am reading it is: >> - no tag = exit boot services in the boot loader >> - tag present marked optional = boot loader can or cannot exit boot services >> - tag present marked required = boot loader cannot exit boot services > > NACK, please take a look at section 3.1.4, Multiboot2 information request > in Multiboot2 spec. OPTIONAL/REQUIRED has different meaning for the bootloader > than you think. > I still don't see any issue with my interpretation based on what you pointed me to. There's a hole here with what Xen asks for of the boot loader to do. The boot loader is told that Xen optionally supports the boot loader not exiting boot services when in fact Xen requires the boot loader to not exit boot services. Somehow we need to convey this to the boot loader. -- Doug Goldstein _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.