Xen project Mailing List

Re: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS

From: Daniel Kiper <daniel.kiper@xxxxxxxxxx>

Date: Tue, 24 Oct 2017 23:40:45 +0200

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Tue, 24 Oct 2017 21:40:59 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, Oct 24, 2017 at 03:28:52PM -0500, Doug Goldstein wrote: > On 10/24/17 3:08 PM, Daniel Kiper wrote: > > On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote: > >> The EFI multiboot2 entry point currently requires EFI BootServices to > >> not have been exited however the header currently tells the boot > >> loader that Xen optionally supports EFI BootServices having been exited. > >> With this change Xen properly advertises that EFI must not be exited > >> allowing the boot loader to report an error that it cannot boot Xen if > >> it is unable to meet its needs. > >> > >> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx> > >> --- > >> > >> This should likely be applied against Xen 4.9 and Xen 4.10 as well as > >> staging. I am trying to get multiboot2 support for iPXE and upstream > >> is concerned that leaving EFI BootServices enabled will not be > >> compatible with their aims to support Secure Boot. So when I build > > > > Hmmm... What are exact arguments for that? How do they implement e.g. > > chain loading then? What about the shim support? > > Look they have concerns about it. As we've talked about this in the past If I do something I like to know why I have to do it. > and I encourage you communicate with them. You are the author of the I remember but, sorry, IIRC, I heard just only vague statements like that. So, I would like to know exact reasons finally. And I hoped that they told you more then simple "NO". > multiboot2 spec. I'm just trying to do my best to PXE boot Xen on EFI > systems and make all upstreams (Xen & iPXE) happy. Once again, I am happy to help. Though I have to know why I have to do this or that. No more no less. > >> Unfortunately the spec is a bit vague and how I am reading it is: > >> - no tag = exit boot services in the boot loader > >> - tag present marked optional = boot loader can or cannot exit boot > >> services > >> - tag present marked required = boot loader cannot exit boot services > > > > NACK, please take a look at section 3.1.4, Multiboot2 information request > > in Multiboot2 spec. OPTIONAL/REQUIRED has different meaning for the > > bootloader > > than you think. > > I still don't see any issue with my interpretation based on what you > pointed me to. There's a hole here with what Xen asks for of the boot > loader to do. > > The boot loader is told that Xen optionally supports the boot loader not > exiting boot services when in fact Xen requires the boot loader to not > exit boot services. Somehow we need to convey this to the boot loader. Sorry, maybe I was too vague this time. Please look at my replay to Andrew. It should help. Daniel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.