From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Jan Beulich <JBeulich@suse.com>, Daniel Kiper <daniel.kiper@oracle.com>
Cc: MatthewFioravante <matthew.fioravante@jhuapl.edu>,
Ian Campbell <Ian.Campbell@citrix.com>, Wei Liu <liuw@liuw.name>,
George Dunlap <george.dunlap@eu.citrix.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
Jim Fehlig <JFEHLIG@suse.com>,
Anthony Perard <anthony.perard@citrix.com>,
Daniel De Graaf <dgdegra@tycho.nsa.gov>,
Roger Pau Monne <roger.pau@citrix.com>
Subject: Re: Xen 4.3 development update, and stock-taking
Date: Fri, 18 Jan 2013 10:24:32 -0500 [thread overview]
Message-ID: <20130118152432.GE9973@phenom.dumpdata.com> (raw)
In-Reply-To: <50F801F102000078000B6CEE@nat28.tlf.novell.com>
On Thu, Jan 17, 2013 at 12:51:45PM +0000, Jan Beulich wrote:
> >>> On 17.01.13 at 12:12, George Dunlap <george.dunlap@eu.citrix.com> wrote:
> > On 17/01/13 09:09, Jan Beulich wrote:
> >>>>> On 16.01.13 at 18:55, George Dunlap <George.Dunlap@eu.citrix.com> wrote:
> >>> * Xen EFI boot
> >>> - Signature checking for dom0 kernel / initrd?
> >>> status: No owner.
> >>> prognosis: Probably not for 4.4
> >> This is already in the tree (c/s 26262:b62bd62b2683). Nothing else
> >> should be necessary on the hypervisor side if the shim is to be used.
> >>
> >> But of course pv-ops Linux continues to lack EFI support altogether.
> >
> > OK, so I think the description needs an update, then. For Xen to be
> > fully featured, I think it would need all of the following:
> > * An EFI-bootable dom0 (this should be done, right?)
>
> "Done" in the sense of todo for pvops (our kernels have been able
> to for quite a long while).
>
> > * dom0 able to make use of EFI run-time services
>
> Indirectly, through hypercalls.
>
> > * Xen able to use EFI boot-time services (?)
>
> Sure, that's how things work. Otherwise we wouldn't boot at
> all from EFI. The one extra thing that some people had asked
> for was to be able to also properly boot Xen via grub.efi.
>
> > * Xen able to detect the existence of a signed Linux binary, and leave
> > EFI boot-time services enabled for dom0 to use when appropriate
>
> No. We can't leave bot services enabled, and we also don't
> need to. The model is that only the Dom0 kernel binary needs
> validation at the boot loader level. Everything else will be
> done in the kernel (including initrd validation, or really the
> parts of it that need validation).
>
> > * dom0 able to use boot-time EFI services and disable them when done
>
> As above - that's not even an option.
>
> Jan
>From the Linux pvops side it is all in 'Not-done' camp. Daniel is now
taking a look at it.
>
next prev parent reply other threads:[~2013-01-18 15:24 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-16 17:55 Xen 4.3 development update, and stock-taking George Dunlap
2013-01-16 18:03 ` Matthew Fioravante
2013-01-18 15:19 ` Konrad Rzeszutek Wilk
2013-01-18 21:17 ` Fioravante, Matthew E.
2013-01-16 18:15 ` Wei Liu
2013-01-17 10:50 ` George Dunlap
2013-01-17 9:09 ` Jan Beulich
2013-01-17 11:12 ` George Dunlap
2013-01-17 12:51 ` Jan Beulich
2013-01-17 13:58 ` George Dunlap
2013-01-17 14:15 ` Jan Beulich
2013-01-17 14:32 ` George Dunlap
2013-01-17 15:26 ` Jan Beulich
2013-01-17 15:30 ` Jan Beulich
2013-01-17 15:48 ` George Dunlap
2013-01-17 16:04 ` George Dunlap
2013-01-17 16:20 ` Jan Beulich
2013-01-17 17:22 ` George Dunlap
2013-01-17 16:14 ` Jan Beulich
2013-01-17 16:29 ` George Dunlap
2013-01-17 16:49 ` Jan Beulich
2013-01-17 17:11 ` George Dunlap
2013-01-18 9:35 ` Jan Beulich
2013-01-17 16:43 ` George Dunlap
2013-01-17 17:06 ` Jan Beulich
2013-01-17 16:49 ` George Dunlap
2013-01-18 9:30 ` Jan Beulich
2013-01-18 15:24 ` Konrad Rzeszutek Wilk [this message]
2013-01-18 11:20 ` Daniel Kiper
2013-01-21 14:12 ` George Dunlap
2013-01-22 13:53 ` Daniel Kiper
2013-01-22 14:10 ` Jan Beulich
2013-01-18 15:22 ` Konrad Rzeszutek Wilk
2013-01-17 10:00 ` Roger Pau Monné
2013-01-17 11:22 ` George Dunlap
2013-01-18 9:50 ` Roger Pau Monné
2013-01-18 15:21 ` Konrad Rzeszutek Wilk
2013-01-18 15:33 ` Roger Pau Monné
2013-01-21 15:06 ` George Dunlap
2013-01-17 10:20 ` Olaf Hering
2013-01-17 17:23 ` George Dunlap
2013-01-17 15:54 ` Daniel De Graaf
2013-01-17 15:49 ` George Dunlap
2013-01-18 15:41 ` Konrad Rzeszutek Wilk
2013-01-21 15:04 ` George Dunlap
2013-01-22 17:42 ` Konrad Rzeszutek Wilk
[not found] <mailman.21508.1358358967.1399.xen-devel@lists.xen.org>
2013-01-17 16:07 ` Andres Lagar-Cavilla
-- strict thread matches above, loose matches on Subject: below --
2013-01-22 14:32 Daniel Kiper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130118152432.GE9973@phenom.dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=Ian.Campbell@citrix.com \
--cc=JBeulich@suse.com \
--cc=JFEHLIG@suse.com \
--cc=anthony.perard@citrix.com \
--cc=daniel.kiper@oracle.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=george.dunlap@eu.citrix.com \
--cc=liuw@liuw.name \
--cc=matthew.fioravante@jhuapl.edu \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.