
Re: [Xen-devel] Xen 4.12.0 Dom0=pvh mode EFI variables 'not supported' after boot



After upgrading Kernel to 5.1.4/release on an x86_64 server, Xen 4.12.0 Dom0 
successfully boots in PVH mode (dom0=pvh ...), with efi vars available so that 
efibootmgr functions,

        xl list
                Name                                        ID   Mem VCPUs      State   Time(s)
                Domain-0                                     0  4015     4     r-----     847.6
                Xenstore                                     1    31     1     -b----       0.0

        dmesg | grep -i pvh
                [    0.181973] Booting paravirtualized kernel on Xen PVH

        efibootmgr
                BootCurrent: 0000
                Timeout: 1 seconds
                BootOrder: 0000,0002,0003
                Boot0000* xensvr        HD(2,GPT,9711255e-d11d-31c5-88fe-1e164d4d4c95,0x1000,0x96000)/File(\EFI\OPENSUSE\GRUBX64.EFI)
                Boot0002* UEFI OS       HD(2,GPT,9711255e-d11d-31c5-88fe-1e164d4d4c95,0x1000,0x96000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
                Boot0003* UEFI: Built-in EFI Shell      VenMedia(5126c8dc-e6a4-b3e9-a119-cf41345c9754)..BO

From

        https://xenproject.org/2018/07/10/xen-project-hypervisor-4-11-brings-cleaner-architecture-to-hypervisor-core-technologies/

I understand that PVH Dom0 *removes* qemu dependency,

        "PVH Dom0 Reduces the Attack Surface of Xen Project Based Systems

        PVH combines the best of PV and HVM mode to simplify the interface 
between operating systems with Xen Project Support and the Xen Project 
Hypervisor and to reduce the attack surface of Xen Project Software. PVH guests 
are lightweight HVM guests that use hardware virtualization support for memory 
and privileged instructions. PVH does not require QEMU.

        Xen Project 4.11 adds experimental PVH Dom0 support by calling Xen via 
dom0=pvh on the command line. Running a PVH Dom0 removes approximately 1 
million lines of QEMU code from Xen Project’s computing base shrinking the 
attack surface of Xen Project based systems."

Checking, qemu is still resident,

        ps ax | grep qemu
                1895 ?        Sl     0:00 /usr/bin/qemu-system-i386 -xen-domid 0 -xen-attach -name dom0 -nographic -M xenpv -daemonize -monitor /dev/null -serial /dev/null -parallel /dev/null -nodefaults -no-user-config -pidfile /var/run/xen/qemu-dom0.pid

Is this still expected?

If so, why the *i386* variant, not /usr/bin/qemu-system-x86_64?

If not, is there some additional config required to disable its use here?


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
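The two checks made in the post (the dom0 boot mode from the kernel banner, and which qemu-system process is attached to which Xen domid) can be turned into repeatable shell functions so that the result is asserted on rather than read by eye. The script below is an added example and is not code from the poster or from the Xen project. Its sample inputs are constructed to match the shapes shown above (the domid-3 qemu line is invented for contrast); on a live host feed it the output of dmesg and ps ax instead. It assumes Linux logs "Booting paravirtualized kernel on Xen PVH" for a PVH dom0 and "... on Xen" for a classic PV dom0, and that a qemu attached to an already running domain carries -xen-attach on its command line, as in the post.

```shell
#!/bin/sh
# Added example (not from the original post): report the dom0 boot mode and
# the qemu-system processes per Xen domid from captured text, so the check
# can be scripted and asserted on. Sample inputs are constructed; the
# domid-3 line is invented for contrast.
# Assumption: the kernel banner reads "... on Xen PVH" for PVH dom0 and
# "... on Xen" for classic PV dom0.

SAMPLE_DMESG='[    0.181973] Booting paravirtualized kernel on Xen PVH'

SAMPLE_PS='1895 ?        Sl     0:00 /usr/bin/qemu-system-i386 -xen-domid 0 -xen-attach -name dom0 -nographic -M xenpv -daemonize
2201 ?        Sl     0:05 /usr/bin/qemu-system-i386 -xen-domid 3 -name guest1 -M xenfv
2300 ?        S      0:00 grep qemu'

# dom0_mode TEXT: print pvh, pv or unknown from the kernel boot banner.
# The PVH pattern is tested first because "on Xen PVH" also contains "on Xen".
dom0_mode() {
    case "$1" in
        *"Booting paravirtualized kernel on Xen PVH"*) echo pvh ;;
        *"Booting paravirtualized kernel on Xen"*)     echo pv ;;
        *)                                             echo unknown ;;
    esac
}

# qemu_domids TEXT: one line per qemu-system process, "<domid> <binary> <attach|launch>".
# Lines containing "grep" are skipped so the check does not match itself.
qemu_domids() {
    printf '%s\n' "$1" | awk '
        /qemu-system/ && !/grep/ {
            domid = "?"; bin = "?"; mode = "launch"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /qemu-system/) bin = $i
                if ($i == "-xen-domid") domid = $(i + 1)
                if ($i == "-xen-attach") mode = "attach"
            }
            print domid, bin, mode
        }'
}

# qemu_for_domid TEXT DOMID: print the qemu binary serving DOMID, or nothing.
qemu_for_domid() {
    qemu_domids "$1" | awk -v want="$2" '$1 == want { print $2 }'
}

# On a live host replace the samples with real output:
#   dom0_mode "$(dmesg)"; qemu_domids "$(ps ax)"
echo "dom0 mode: $(dom0_mode "$SAMPLE_DMESG")"
echo "qemu instances (domid binary mode):"
qemu_domids "$SAMPLE_PS"
```

With the sample input the script reports the dom0 mode as pvh and lists one qemu-system-i386 attached to domid 0 and one launched for domid 3; the grep line is not counted.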