[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] xen: Strip xen.efi by default

  • To: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Frediano Ziglio <frediano.ziglio@xxxxxxxxxx>
  • Date: Thu, 2 Oct 2025 12:25:43 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=k32rYW5Qwk4jvKk3B7RKu15rJxaVovhO0Q9nrSQOH/c=; b=VtN3MdYRuyIPhVxtT4JZvRbt+fmWCvytqj+rCUZyiMRBDeWmHjJrToi8OGKb9xKak10A0t+oryfTYikFTfSWHxXYjtNw+b9rhz6tRNp4UlAUCqq7L+KRHil6odg7X2LaFpSTB6Hw4n8PM9AFLgvdIrn0XvY1KZo6Nsigwdjr4PRbMC+qjzQWxgAjFcZGnwXfwxXpC9s/g7MfzNcDKH2g+TlLhZTNuSUzycPXpBucGRh1ARyYy0+vLhIYWAfTivhdVtVRqoAVtKzbCpVGpqIybhgwUVDQWwbTjcF8b/ag9CdQaufJ3upCNg8lc9htyLmLJhGAFlj6gCEbRxn+tXL/ow==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=eDT10lYAb9ovopB+Btk/tBPhNKgjhNzP/ePpErAna9ieZoTRVg1dn4xG/TLs7zYCwRQSGOiF1LxKfCbOxiSi0lcioJfwfaOIcN9xMfrQt5BfHO1qB6bxe7ETIE3efFE8NlaLPSngosQM+BgH4FhEX/3ZzNMejAwvRvVeRF2uOo6EXyfd7/hGNifARKYVwVQKqNDB9GGj4BOMY6qidCMoWyFkqQ+XBr+ehDfIoQcGdUFo9aKdgX5n/YUD/yJk2DWdps+GYh9x6i7ZtTY2qu35f3rY6iwgOCr8CnfgMpDo/dA0OgdlclvMZ4IiKr/7V6SRH3S0Bj3+PP+wVYnMyaZz4Q==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Thu, 02 Oct 2025 12:26:05 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Msip_labels:
  • Thread-index: AQHcG4LdpTtcu0yEX02PoYAcRuBERrSvCQ3n
  • Thread-topic: [PATCH v2] xen: Strip xen.efi by default
ping

From: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>
Sent: 15 August 2025 11:33
To: xen-devel@xxxxxxxxxxxxxxxxxxxx <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>; Anthony PERARD <anthony.perard@xxxxxxxxxx>; Michal Orzel <michal.orzel@xxxxxxx>; Jan Beulich <jbeulich@xxxxxxxx>; Julien Grall <julien@xxxxxxx>; Roger Pau Monné <roger.pau@xxxxxxxxxx>; Stefano Stabellini <sstabellini@xxxxxxxxxx>
Subject: Re: [PATCH v2] xen: Strip xen.efi by default
 
ping

On Mon, Jul 28, 2025 at 11:34 AM Frediano Ziglio
<frediano.ziglio@xxxxxxxxx> wrote:
>
> ping
>
> On Wed, Jun 25, 2025 at 12:49 PM Frediano Ziglio
> <frediano.ziglio@xxxxxxxxx> wrote:
> >
> > On Thu, Jun 12, 2025 at 11:07 AM Frediano Ziglio
> > <frediano.ziglio@xxxxxxxxx> wrote:
> > >
> > > For xen.gz file we strip all symbols and have an additional
> > > xen-syms file version with all symbols.
> > > Make xen.efi more coherent stripping all symbols too.
> > > xen.efi.elf can be used for debugging.
> > >
> > > Signed-off-by: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>
> > > ---
> > > Changes since v1:
> > > - avoid leaving target if some command fails
> > > ---
> > >  docs/misc/efi.pandoc  |  8 +-------
> > >  xen/Kconfig.debug     |  9 ++-------
> > >  xen/Makefile          | 19 -------------------
> > >  xen/arch/x86/Makefile |  8 +++++---
> > >  4 files changed, 8 insertions(+), 36 deletions(-)
> > >
> > > diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc
> > > index 11c1ac3346..c66b18a66b 100644
> > > --- a/docs/misc/efi.pandoc
> > > +++ b/docs/misc/efi.pandoc
> > > @@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found.
> > >  Once built, `make install-xen` will place the resulting binary directly into
> > >  the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and
> > >  `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not
> > > -match your system). When built with debug info, the binary can be quite large.
> > > -Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped
> > > -of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set
> > > -to any combination of options suitable to pass to `strip`, in case the default
> > > -ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`,
> > > -unless `EFI_DIR` is set in the environment to override this default. This
> > > -binary will not be stripped in the process.
> > > +match your system).
> > >
> > >  The binary itself will require a configuration file (names with the `.efi`
> > >  extension of the binary's name replaced by `.cfg`, and - until an existing
> > > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
> > > index d14093017e..cafbb1236c 100644
> > > --- a/xen/Kconfig.debug
> > > +++ b/xen/Kconfig.debug
> > > @@ -147,12 +147,7 @@ config DEBUG_INFO
> > >           Say Y here if you want to build Xen with debug information. This
> > >           information is needed e.g. for doing crash dump analysis of the
> > >           hypervisor via the "crash" tool.
> > > -         Saying Y will increase the size of the xen-syms and xen.efi
> > > -         binaries. In case the space on the EFI boot partition is rather
> > > -         limited, you may want to install a stripped variant of xen.efi in
> > > -         the EFI boot partition (look for "INSTALL_EFI_STRIP" in
> > > -         docs/misc/efi.pandoc for more information - when not using
> > > -         "make install-xen" for installing xen.efi, stripping needs to be
> > > -         done outside the Xen build environment).
> > > +         Saying Y will increase the size of the xen-syms and xen.efi.elf
> > > +         binaries.
> > >
> > >  endmenu
> > > diff --git a/xen/Makefile b/xen/Makefile
> > > index 8fc4e042ff..664c4ea7b8 100644
> > > --- a/xen/Makefile
> > > +++ b/xen/Makefile
> > > @@ -488,22 +488,6 @@ endif
> > >  .PHONY: _build
> > >  _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
> > >
> > > -# Strip
> > > -#
> > > -# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it
> > > -# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below
> > > -# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the
> > > -# option(s) to the strip command.
> > > -ifdef INSTALL_EFI_STRIP
> > > -
> > > -ifeq ($(INSTALL_EFI_STRIP),1)
> > > -efi-strip-opt := --strip-debug --keep-file-symbols
> > > -else
> > > -efi-strip-opt := $(INSTALL_EFI_STRIP)
> > > -endif
> > > -
> > > -endif
> > > -
> > >  .PHONY: _install
> > >  _install: D=$(DESTDIR)
> > >  _install: T=$(notdir $(TARGET))
> > > @@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
> > >                 ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \
> > >                 ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \
> > >                 if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
> > > -                       $(if $(efi-strip-opt), \
> > > -                            $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \
> > > -                            $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \
> > >                         $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
> > >                 elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \
> > >                         echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \
> > > diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
> > > index ce724a9daa..e0ebc8c73e 100644
> > > --- a/xen/arch/x86/Makefile
> > > +++ b/xen/arch/x86/Makefile
> > > @@ -232,14 +232,16 @@ endif
> > >         $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o
> > >         $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \
> > >               $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \
> > > -             $(note_file_option) -o $@
> > > -       $(NM) -pa --format=sysv $@ \
> > > +             $(note_file_option) -o $@.tmp
> > > +       $(NM) -pa --format=sysv $@.tmp \
> > >                 | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \
> > >                 > $@.map
> > >  ifeq ($(CONFIG_DEBUG_INFO),y)
> > > -       $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf
> > > +       $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf
> > > +       $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp
> > >  endif
> > >         rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]*
> > > +       mv -f $@.tmp $@
> > >  ifeq ($(CONFIG_XEN_IBT),y)
> > >         $(SHELL) $(srctree)/tools/check-endbr.sh $@
> > >  endif
> >
> > Any comments on this version?
> >
> > Frediano

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.