Re: [PATCH] EFI: Enable booting unified hypervisor/kernel/initrd images
On 28.08.2020 13:51, Trammell Hudson wrote:
> This patch adds support for bundling the xen.efi hypervisor, the xen.cfg
> configuration file, the Linux kernel and initrd, as well as the XSM, and
> CPU microcode into a single "unified" EFI executable. The resulting EFI
> executable can be invoked directly from the UEFI Boot Manager, removing
> the need to use a separate loader like grub as well as removing
> dependencies on local filesystem access.
>
> It is inspired by systemd-boot's unified kernel technique and borrows the
> function to locate PE sections from systemd's LGPL'ed code. During EFI
> boot, Xen looks at its own loaded image to locate the PE sections for
> the configuration, kernel, etc, which are included after building xen.efi
> using objcopy to add named sections for each input file. This allows an
> administrator to update the components independently without requiring
> rebuilding xen.
>
> The unified image can also be signed by sbsigntool for verification
> by UEFI Secure Boot. If secure boot is enabled, the Xen command line
> arguments are ignored. Unlike the shim based verification, the signature
> covers the entire Xen+config+kernel+initrd unified file. This also ensures
> that properly configured platforms will measure the entire runtime into
> the TPM for unsealing secrets or remote attestation.
>
> Signed-off-by: Trammell Hudson <hudson@xxxxxxxx>

I realize this patch is now stale, and hence there's little point looking
over it. As indicated elsewhere I don't think the gitlab model is suitable
here, so may I ask that you post an up-to-date patch to the list again?

Thanks, Jan
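
The lookup the quoted patch description refers to, a loaded EFI image locating named PE sections inside itself, shown as an added example; it is not code from the patch or from systemd. The section names `.config` and `.kernel` and the sample image are assumptions constructed for illustration, and the bounds checks reject a section header that points outside the loaded image.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint32_t rd(const uint8_t *p, int n) {  /* little-endian, n = 2 or 4 */
    uint32_t v = 0;
    while (n--) v = v << 8 | p[n];
    return v;
}

/* Locate section `name` in a PE image loaded at `img` (`len` bytes): returns
 * its data and sets *size, or NULL if malformed, absent or out of bounds. */
const uint8_t *pe_find_section(const uint8_t *img, size_t len,
                               const char *name, uint32_t *size) {
    size_t nlen = strlen(name);
    if (len < 0x40 || nlen > 8 || img[0] != 'M' || img[1] != 'Z')
        return NULL;
    size_t pe = rd(img + 0x3c, 4);                /* e_lfanew */
    if (pe > len - 24 || memcmp(img + pe, "PE\0\0", 4) != 0)
        return NULL;
    size_t nsec = rd(img + pe + 6, 2);            /* NumberOfSections */
    size_t tbl = pe + 24 + rd(img + pe + 20, 2);  /* skip optional header */
    if (tbl > len || nsec > (len - tbl) / 40)
        return NULL;
    for (const uint8_t *s = img + tbl; nsec--; s += 40) {
        /* Names are 8 bytes, NUL-padded, not necessarily terminated. */
        if (memcmp(s, name, nlen) != 0 || (nlen < 8 && s[nlen] != 0))
            continue;
        uint32_t vsize = rd(s + 8, 4), vaddr = rd(s + 12, 4);
        if (vaddr > len || vsize > len - vaddr)
            return NULL;                          /* data outside image */
        *size = vsize;
        return img + vaddr;
    }
    return NULL;
}

/* Constructed sample image (assumed section names, empty optional header). */
const uint8_t sample[512] = {
    [0] = 'M', 'Z', [0x3c] = 0x40, [0x40] = 'P', 'E', [0x46] = 2,
    [0x58] = '.','c','o','n','f','i','g', [0x60] = 9, [0x64] = 0x00, 0x01,
    [0x80] = '.','k','e','r','n','e','l', [0x89] = 0x02, [0x8c] = 0x80, 0x01,
    [0x100] = '[','g','l','o','b','a','l',']','\n', /* .kernel overruns */
};

int main(void) {
    uint32_t n;
    return pe_find_section(sample, sizeof sample, ".config", &n) ? 0 : 1;
}
```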