
Re: xen/arm: attaching block devices under EFI



On Sat Oct 8, 2022 at 6:55 PM BST, Benjamin Mordaunt wrote:
> Following my previous chat with Julien, I'm assuming the flow:
>
> U-Boot -> Xen -> EFI (for guest) -> GRUB -> Ubuntu
>
> is not really possible - there is no chain of trust for secure boot,
> and EFI information from the underlying firmware is lost (i.e. what EFI
> information would Xen present to the guest's GRUB?)
>
> So I'm now investigating a full EFI+arm stack, but some things are still
> not clear. I'm following the information presented in [1], but can't see
> how you dedicate block devices to a particular domain, like you can with
> a standard xl.cfg configuration. Let's take a DomU DT entry from [1] as
> an example:
>
> domU1 {
>     #size-cells = <0x1>;
>     #address-cells = <0x1>;
>     compatible = "xen,domain";
>     cpus = <0x1>;
>     memory = <0x0 0xc0000>;
>     vpl011;
>
>     module@1 {
>         compatible = "multiboot,kernel", "multiboot,module";
>         xen,uefi-binary = "Image-domu1.bin";
>         bootargs = "console=ttyAMA0 root=/dev/ram0 rw";
>     };
> };
>
> So, what if I have a Linux image in some filesystem image somewhere, (I
> imagine in the Dom0 rootfs or more ideally in an LVM volume) that
> contains an EFI GRUB2 image that I want to boot into? I see no reference
> to a "disk" option, as you would write into a traditional Xen config
> file?
>
> How do I "sandbox" guests to only see the disks that they are assigned?
>
> Basically, how do I configure disks at all?!
>
> Cheers,
>
> --
> Ben

Sorry, missed link to [1]:

  [1] https://xenbits.xen.org/docs/unstable/misc/efi.html

--
Ben




 

