[PATCH v2 0/7] x86/kexec: Secure Boot support
- To: xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Kevin Lampis <kevin.lampis@xxxxxxxxxx>
- Date: Mon, 22 Jun 2026 16:18:26 +0100
- Cc: jbeulich@xxxxxxxx, andrew.cooper3@xxxxxxxxxx, roger.pau@xxxxxxxxxx, ross.lagerwall@xxxxxxxxxx, Kevin Lampis <kevin.lampis@xxxxxxxxxx>
- Delivery-date: Mon, 22 Jun 2026 15:17:23 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

These changes allow loading and booting an EFI kexec crash kernel.
For this new EFI kexec type, userspace won't provide purgatory code.
Instead Xen jumps directly to the new kernel.

Signature validation is done by the dom0 kernel. Xen then calculates a
digest for all the segments stored in memory. This digest is verified
again during execution. This digest check obviates the need for Xen to
verify Secure Boot signatures directly.

Changes in v2:
- Addressed review comments for specific patches

Ross Lagerwall (5):
  x86/kexec: add digest checks
  x86/kexec: rename setup_header to bzimage_header
  x86/kexec: add new struct kimage_segment
  x86/kexec: Support non-page-aligned kexec segments
  x86/kexec: Implement new EFI load types

Kevin Lampis (2):
  x86/kexec: Pass boot params directly to new kernel
  x86/kexec: Zero general purpose registers

 xen/arch/x86/Makefile | 1 +
 xen/arch/x86/bzimage.c | 47 +----
 xen/arch/x86/include/asm/bzimage.h | 44 +++++
 xen/arch/x86/include/asm/kexec.h | 9 +
 xen/arch/x86/include/asm/machine_kexec.h | 2 +-
 xen/arch/x86/kexec.c | 58 +++++++
 xen/arch/x86/machine_kexec.c | 3 +-
 xen/arch/x86/x86_64/kexec_reloc.S | 23 +++
 xen/common/kexec.c | 36 +++-
 xen/common/kimage.c | 208 ++++++++++++++++++-----
 xen/include/public/kexec.h | 11 +-
 xen/include/xen/kimage.h | 20 ++-
 12 files changed, 364 insertions(+), 98 deletions(-)
 create mode 100644 xen/arch/x86/include/asm/kexec.h
 create mode 100644 xen/arch/x86/kexec.c
--
2.52.0
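
A minimal model of the load-time digest and exec-time re-check described in the cover letter, added here as an illustration; it is not code from the patch series. SHA-256, hashing each segment's destination and length along with its contents, and the names `segments_digest`, `LoadedImage` and `exec_image` are assumptions.

```python
import hashlib
import hmac
import struct


def segments_digest(segments):
    """SHA-256 over every segment's destination, length and contents."""
    h = hashlib.sha256()
    h.update(struct.pack("<Q", len(segments)))
    for dest, data in segments:
        # Bind address and length (assumption): bytes then cannot be shifted
        # across a segment boundary or relocated without changing the digest.
        h.update(struct.pack("<QQ", dest, len(data)))
        h.update(data)
    return h.digest()


class LoadedImage:
    """Hypothetical stand-in for a loaded kexec image."""

    def __init__(self, segments):
        # Copy first, then digest the copy, so the digest covers exactly
        # the bytes that will later be executed, not the caller's buffers.
        self.segments = [(dest, bytearray(data)) for dest, data in segments]
        self.digest = segments_digest(self.segments)

    def verify(self):
        """Exec-time check: recompute and compare in constant time."""
        return hmac.compare_digest(self.digest, segments_digest(self.segments))


def exec_image(image):
    """Refuse to hand over control if the stored segments changed."""
    if not image.verify():
        raise RuntimeError("segment digest mismatch, refusing to jump")
    # Entry point modelled as the first segment's destination (assumption).
    return image.segments[0][0]


# Constructed sample segments: (destination address, contents).
SAMPLE = [
    (0x1000000, b"\x90" * 64),
    (0x2000000, b"boot_params" + b"\x00" * 21),
]

if __name__ == "__main__":
    img = LoadedImage(SAMPLE)
    print("entry:", hex(exec_image(img)))
    img.segments[1][1][3] ^= 0x01  # single-bit corruption after load
    print("still valid:", img.verify())
```
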