Following my previous chat with Julien, I'm assuming the flow:
U-Boot -> Xen -> EFI (for guest) -> GRUB -> Ubuntu
is not really possible - there is no chain of trust for secure boot,
and EFI information from the underlying firmware is lost (i.e. what EFI
information would Xen present to the guest's GRUB?)
So I'm now investigating a full EFI+arm stack, but some things are still
not clear. I'm following the information presented in [1], but can't see
how you dedicate block devices to a particular domain, like you can with
a standard xl.cfg configuration. Let's take a DomU DT entry from [1] as
an example:
domU1 {
     #size-cells = <0x1>;
     #address-cells = <0x1>;
     compatible = "xen,domain";
     cpus = <0x1>;
     memory = <0x0 0xc0000>;
     vpl011;
     module@1 {
         compatible = "multiboot,kernel", "multiboot,module";
        xen,uefi-binary = "Image-domu1.bin";
        bootargs = "console=ttyAMA0 root=/dev/ram0 rw":
     };
};
So, what if I have a Linux image in some filesystem image somewhere, (I
imagine in the Dom0 rootfs or more ideally in an LVM volume) that
contains an EFI GRUB2 image that I want to boot into? I see no reference
to a "disk" option, as you would write into a traditional Xen config
file?
How do I "sandbox" guests to only see the disks that they are assigned?
Basically, how do I configure disks at all?!
Cheers,
--
Ben