[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Xen DomU Bootloader Experiences

To: Elliott Mitchell <ehem+xen@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Juergen Gross <jgross@xxxxxxxx>
Date: Thu, 13 Nov 2025 07:46:25 +0100
Authentication-results: smtp-out1.suse.de; none
Autocrypt: addr=jgross@xxxxxxxx; keydata= xsBNBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOB ycWxw3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJve dYm8Of8Zd621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJ NwQpd369y9bfIhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvx XP3FAp2pkW0xqG7/377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEB AAHNH0p1ZXJnZW4gR3Jvc3MgPGpncm9zc0BzdXNlLmNvbT7CwHkEEwECACMFAlOMcK8CGwMH CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCw3p3WKL8TL8eZB/9G0juS/kDY9LhEXseh mE9U+iA1VsLhgDqVbsOtZ/S14LRFHczNd/Lqkn7souCSoyWsBs3/wO+OjPvxf7m+Ef+sMtr0 G5lCWEWa9wa0IXx5HRPW/ScL+e4AVUbL7rurYMfwCzco+7TfjhMEOkC+va5gzi1KrErgNRHH kg3PhlnRY0Udyqx++UYkAsN4TQuEhNN32MvN0Np3WlBJOgKcuXpIElmMM5f1BBzJSKBkW0Jc Wy3h2Wy912vHKpPV/Xv7ZwVJ27v7KcuZcErtptDevAljxJtE7aJG6WiBzm+v9EswyWxwMCIO RoVBYuiocc51872tRGywc03xaQydB+9R7BHPzsBNBFOMcBYBCADLMfoA44MwGOB9YT1V4KCy vAfd7E0BTfaAurbG+Olacciz3yd09QOmejFZC6AnoykydyvTFLAWYcSCdISMr88COmmCbJzn sHAogjexXiif6ANUUlHpjxlHCCcELmZUzomNDnEOTxZFeWMTFF9Rf2k2F0Tl4E5kmsNGgtSa aMO0rNZoOEiD/7UfPP3dfh8JCQ1VtUUsQtT1sxos8Eb/HmriJhnaTZ7Hp3jtgTVkV0ybpgFg w6WMaRkrBh17mV0z2ajjmabB7SJxcouSkR0hcpNl4oM74d2/VqoW4BxxxOD1FcNCObCELfIS auZx+XT6s+CE7Qi/c44ibBMR7hyjdzWbABEBAAHCwF8EGAECAAkFAlOMcBYCGwwACgkQsN6d 1ii/Ey9D+Af/WFr3q+bg/8v5tCknCtn92d5lyYTBNt7xgWzDZX8G6/pngzKyWfedArllp0Pn fgIXtMNV+3t8Li1Tg843EXkP7+2+CQ98MB8XvvPLYAfW8nNDV85TyVgWlldNcgdv7nn1Sq8g HwB2BHdIAkYce3hEoDQXt/mKlgEGsLpzJcnLKimtPXQQy9TxUaLBe9PInPd+Ohix0XOlY+Uk QFEx50Ki3rSDl2Zt2tnkNYKUCvTJq7jvOlaPd6d/W0tZqpyy7KVay+K4aMobDsodB3dvEAs6 ScCnh03dDAFgIq5nsB11j3KPKdVoPlfucX2c7kGNH+LUMbzqV6beIENfNexkOfxHfw==
Delivery-date: Thu, 13 Nov 2025 06:46:46 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 12.11.25 22:13, Elliott Mitchell wrote:

A few times there have been mentions of a need to choose between boot
methods for DomUs.  There is a need to decide on ones to recommend and
put effort into supportting.  I may not have tried that many nor done
particularly great amounts of experimentation, but I do have some
experience with multiple User Domain bootloaders.

PyGRUB
Xen's bootloader.  PyGRUB is quite functional within its limits.  In
particular it simulates the domain's environment in Domain 0.  This means
the security exposure is problematic.  Another big concern is that it
only does GRUB v1 syntax.  For a long while Debian had a package for
generating those files on a modern system, but that package was dropped.

Yet PyGRUB does avoid needing to use external tools to retrieve the
kernel.  If the kernel is updated inside the domain, this does get the
new kernel.  Further being architecture-independent this works on x86,
ARM*, RISC-V and PowerPC.

As it is the only GRUB-flavor loader available on ARM*, that is the only
place where I've used PyGRUB.


There is one further advantage for PyGRUB: it can look into the kernel
_before_ the domU is being created, so it can tell Xen tools whether a
32- or 64-bit domU is needed based on the selected kernel.

This is the main reason why PyGRUB is still existing.

PvGRUB
I'm sure nearly everyone knows about PvGRUB.  By being a proper port of
GRUB to run directly on Xen, it overcomes PyGRUB's disadvantages.  The
one disadvantage is needing to get patches into an external project for
changes in Xen.

Two changes to Xen urgently need propogation to PvGRUB.  I'm unsure
whether PvGRUB unmaps its mapping of vcpu_info data.  The second is
needing to work on ARM*, RISC-V and PowerPC.  The latter is the one and
only way in which PvGRUB is inferior to PyGRUB.

As PvGRUB is only available for x86, that is the only place I've used
PvGRUB.


Naming is difficult. :-)

You are talking about grub-pv. pv-grub is the Xen-internal variant based
on Mini-OS and legacy grub 0.97, supporting grub for PV-domUs.

grub-pv comes basically in three flavors, all x86-only:

- for 32-bit PV-guests
- for 64-bit PV-guests
- for PVH-guests (32- or 64-bit)

Adding PVH support to upstream Grub for e.g. Arm should be rather easy.



EDK2/Tianocore
Quite well-known for being the basis of most x86 firmwares, plus being
part of a typical Qemu setup.  Not nearly as well known for being a Xen
DomU bootloader.

When it was working you would build their ArmVirtXen.dsc file and get
XEN_EFI.fd as output.  You would then use XEN_EFI.fd for the domain's
kernel.  If you looked at the console you saw something which looked and
acted pretty similar to a UEFI firmware on x86 machines.  This was
extremely functional for OSes which didn't particularly like GRUB.
Notably I've read of it being able to load a Redmond OS and it was quite
functional for booting an ARM64 port of FreeBSD.

Sometime after November 16th, 2022 or commit fff6d81270.  The built
images stopped functioning.  This is actually rather concerning since it
may also effects firmwares built for x86 HVM domains.  I don't presently
know whether there are multiple bugs, or a single one effecting all Xen
builds.

There is also an urgent need to get EDK2/Tianocore updated to match
Xen/ARM's disallowing mapping the shared information page multiple times.
As I did not wish to become deeply involved with EDK2/Tianocore I sent a
patch to xen-devel close to 1.5 years ago.  Lack of action suggests there
is an urgent need for a liason.



Recommendations:
PyGRUB is functional within its limits.  Problems are GRUBv1 syntax and
running within Domain 0.  Given this I feel the Xen Project should be
heading towards deprecating PyGRUB.  Since PvGRUB works for x86 now, I
would default to neither building nor installing PyGRUB on x86.  For
other architectures PyGRUB is still useful.

The Xen Project should formally ask the GRUB Project to port PvGRUB to
ARM, RISC-V and PowerPC.  The need for PvGRUB on ARM seems rather urgent.
Without a proper bootloader VMs aren't too useful.


Well, I did the grub-pvh implementation.

Doing that for other architectures shouldn't be rocket science. :-)

The Xen Project needs people to work with EDK2/Tianocore.  The oldest
report I've seen of the EDK2/Tianocore issue dates to mid-2023.  Now two
years later the bug is still present.

The ability to configure XEN_EFI.fd as a domain kernel is a feature
highly worthy of being ported to x86.  For OSes which don't particularly
like GRUB, but do have PV drivers this is an ideal boot method.



Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: Xen DomU Bootloader Experiences
  - From: Elliott Mitchell

References:
- Xen DomU Bootloader Experiences
  - From: Elliott Mitchell

Prev by Date: RE: [PATCH v3 15/28] xen/domctl: wrap domain_kill() with CONFIG_MGMT_HYPERCALLS
Next by Date: Re: [XEN][PATCH v3] xen/x86: guest_access: optimize raw_x_guest() for PV and HVM combinations
Previous by thread: Xen DomU Bootloader Experiences
Next by thread: Re: Xen DomU Bootloader Experiences
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.