[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fwupd support under Xen - firmware updates with the UEFI capsule

On 28.07.2020 23:01, Andrew Cooper wrote:
On 28/07/2020 21:00, Jan Beulich wrote:
On 28.07.2020 09:41, Norbert Kaminski wrote:
I'm trying to add support for the firmware updates with the UEFI
capsule in
Qubes OS. I've got the troubles with reading ESRT (EFI System
Resource Table)
in the dom0, which is based on the EFI memory map. The EFI_MEMMAP is not
enabled despite the loaded drivers (CONFIG_EFI, CONFIG_EFI_ESRT) and
cmdline parameters (add_efi_memmap):

[    3.451249] efi: EFI_MEMMAP is not enabled.

It is, according to my understanding, a layering violation to expose
the EFI memory map to Dom0. It's not supposed to make use of this
information in any way. Hence any functionality depending on its use
also needs to be implemented in the hypervisor, with Dom0 making a
suitable hypercall to access this functionality. (And I find it
quite natural to expect that Xen gets involved in an update of the
firmware of a system.)

ERST is a table (read only by the looks of things) which is a catalogue
of various bits of firmware in the system, including GUIDs for
identification, and version information.

It is the kind of data which the hardware domain should have access to,
and AFAICT, behaves just like a static ACPI table.

I'm unaware of us hiding this table, so Dom0 has access.

Presumably it wants to an E820 reserved region so dom0 gets indent
access, and something in the EFI subsystem needs extending to pass the
ERST address to dom0.

I'm afraid the beginning of this sentence is such that I can't guess
what exactly you mean. As per above - I don't see why Dom0 wouldn't
have access to ERST. What it doesn't (and shouldn't) have access to is
the raw EFI memory map (there's no E820 map there). There is a way
for Dom0 to get at some "cooked" memory map (XENMEM_machine_memory_map),
but of course in a r/o fashion only.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.