[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 3/3] arm/efi: load dom0 modules from DT using UEFI

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Luca Fancellu <luca.fancellu@xxxxxxx>
  • Date: Fri, 1 Oct 2021 15:08:26 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7W0V/lf165q/NgEj5qNLR9RyPxMNVprhjpZD5BqeGoU=; b=el17IGTIJ5nSZZcDUrbGYP8IGye56QjNwq9fQI/V2ZIo2Cp3m5mv01vum2X8fSfKIPbiydfrOa7rHmW/HxdR0FhBdZij9Rj1n6GjoLe5StewPYxPkDGz0JETa42JiYtzFgYOZ5YEkLOaYmTxIwUeBsdDAKvrRDV3OWE0iRrn0mPb3n66pfhxukEFj8djMkWci4+XedYLF3pEwueJhu4QzQuSGB3WwbePd2O/1bH4OtpB7Z0EPd5rIpGqD0j0jWVJoncHmKswP/MhuYP4obIN31gSPSroifXX/c1DjD/uiaC86qK0CgpX8olO+YNWuNqlYcG5FpKeyebykhEbFk5X5g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=P1AKCzhm7ACNSwCHKB8Q6RNunfF/RBawi39gnIRVMtlKGjVczsE/9P3TyDU8mYFX9FlYJLWhp1ylpf2/wVK2+KJHyRSUJH4SamXIVHdp12KSyCj9l+/lUdGymSFidqAO+QOta2cerXnVJK3BTMu0r9m/T6DNu61eLNeE5oL/DjS/1NJx+F6zS0ZXpvnPf62VqtmxPxXDRuJ2QdFA7X8i7alJk0FeUz5sTyXR/7WG56R16iZaJ9q2hylYdOe0+Xn3uhTCSJYWsF2IBv6uD7Msrl4ihyKYEOL7wiWdgrQSuyA1cooqjF284+7CIQIBo95oLf7AMPY7sW+lazQrCqe7nA==
  • Authentication-results-original: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=arm.com;
  • Cc: Bertrand Marquis <bertrand.marquis@xxxxxxx>, wei.chen@xxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 01 Oct 2021 14:09:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=arm.com;

> On 1 Oct 2021, at 12:16, Jan Beulich <jbeulich@xxxxxxxx> wrote:
> 
> On 30.09.2021 16:28, Luca Fancellu wrote:
>> Add support to load Dom0 boot modules from
>> the device tree using the xen,uefi-binary property.
>> 
>> Update documentation about that.
>> 
>> Signed-off-by: Luca Fancellu <luca.fancellu@xxxxxxx>
> 
> Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
> despite ...
> 
>> @@ -1385,6 +1380,17 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE 
>> *SystemTable)
>>     if ( !dt_modules_found && !kernel.addr )
>>         blexit(L"No Dom0 kernel image specified.");
>> 
>> +    /*
>> +     * The Dom0 kernel can be loaded from the configuration file or by the
>> +     * device tree through the efi_arch_check_dt_boot function, in this 
>> stage
>> +     * verify it.
>> +     */
>> +    if ( kernel.addr &&
> 
> ... me still being a little unhappy with the inconsistent use of the
> union fields so close together: This one is now consistent with the
> one visible further up in context, but ...
> 
>> +         !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL,> +        
>>                                    (void **)&shim_lock)) &&
>> +         (status = shim_lock->Verify(kernel.ptr, kernel.size)) != 
>> EFI_SUCCESS )
> 
> ... is now inconsistent with this use. But yeah - read_file() is
> even worse in that sense, except that there the different uses are
> for specific reasons, while here the only requirement is to satisfy
> shim_lock->Verify().
> 
> Please feel free to retain my ack in case you decide to use .ptr in
> all three places.

Hi Jan,

Sure I will do the modification you suggested, I will fix also my silly mistake 
that
Stefano pointed out.

Just to be sure, I explain what I will do:

In the second patch I will change:

    if ( !dt_modules_found && !kernel.addr )

To 

    if ( !dt_modules_found && !kernel.ptr )


And in this patch I will use:

if ( kernel.ptr &&
         !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL,
                                           (void **)&shim_lock)) &&
         (status = shim_lock->Verify(kernel.ptr, kernel.size)) != EFI_SUCCESS )
        PrintErrMesg(L"Dom0 kernel image could not be verified", status);

Do you agree on them? Can I retain your ack to this patch doing these changes?

Cheers,
Luca

> 
> Jan
>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.