From: Frediano Ziglio <freddy77@gmail.com>
To: xen-devel@lists.xenproject.org
Cc: "Frediano Ziglio" <frediano.ziglio@citrix.com>,
"Jan Beulich" <jbeulich@suse.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Teddy Astie" <teddy.astie@vates.tech>,
"Anthony PERARD" <anthony.perard@vates.tech>,
"Michal Orzel" <michal.orzel@amd.com>,
"Julien Grall" <julien@xen.org>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Daniel P. Smith" <dpsmith@apertussolutions.com>,
"Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
Subject: [PATCH v3 0/4] Various patches to improve Secure Boot support
Date: Tue, 16 Jun 2026 11:13:32 +0100 [thread overview]
Message-ID: <20260616101336.44009-1-frediano.ziglio@citrix.com> (raw)
These patches improve support for Secure boot.
UEFI CA memory mitigation requires memory pages to be not executable and
writable at the same time. So changing permissions and splitting some section
is required.
Remove multiboot pieces from EFI executable.
Changes since v1:
- improved some comments;
- merged 2 pacthes removing multiboot support in x86 PE;
- removed a patch dealing with SBAT;
- other minor changes (see single patches).
Changes since v2:
- improved some comments.
Frediano Ziglio (2):
Align relevant sections to 4KB
x86: Split .init section to satisfy UEFI CA memory mitigation
Roger Pau Monné (2):
x86/efi: discard multiboot support for PE binary
x86/efi: avoid a relocation in efi_arch_post_exit_boot()
docs/hypervisor-guide/x86/how-xen-boots.rst | 6 ------
xen/arch/x86/boot/head.S | 3 ++-
xen/arch/x86/efi/efi-boot.h | 7 +++++--
xen/arch/x86/xen.lds.S | 22 +++++++++++----------
4 files changed, 19 insertions(+), 19 deletions(-)
--
2.43.0
next reply other threads:[~2026-06-16 10:14 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-16 10:13 Frediano Ziglio [this message]
2026-06-16 10:13 ` [PATCH v3 1/4] Align relevant sections to 4KB Frediano Ziglio
2026-06-16 10:44 ` Marek Marczykowski-Górecki
2026-06-16 12:27 ` Jan Beulich
2026-06-16 14:38 ` Frediano Ziglio
2026-06-16 14:54 ` Marek Marczykowski-Górecki
2026-06-16 15:07 ` Jan Beulich
2026-06-16 10:13 ` [PATCH v3 2/4] x86/efi: discard multiboot support for PE binary Frediano Ziglio
2026-06-16 10:55 ` Marek Marczykowski-Górecki
2026-06-16 10:13 ` [PATCH v3 3/4] x86/efi: avoid a relocation in efi_arch_post_exit_boot() Frediano Ziglio
2026-06-16 11:04 ` Marek Marczykowski-Górecki
2026-06-16 10:13 ` [PATCH v3 4/4] x86: Split .init section to satisfy UEFI CA memory mitigation Frediano Ziglio
2026-06-16 11:20 ` Marek Marczykowski-Górecki
2026-06-16 11:29 ` Andrew Cooper
2026-06-16 12:30 ` Jan Beulich
2026-06-16 12:40 ` Andrew Cooper
2026-06-16 13:50 ` Frediano Ziglio
2026-06-16 13:50 ` Jan Beulich
2026-06-16 14:46 ` Andrew Cooper
2026-06-16 14:58 ` Andrew Cooper
2026-06-16 15:05 ` Jan Beulich
2026-06-16 15:08 ` Marek Marczykowski-Górecki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260616101336.44009-1-frediano.ziglio@citrix.com \
--to=freddy77@gmail.com \
--cc=andrew.cooper3@citrix.com \
--cc=anthony.perard@vates.tech \
--cc=dpsmith@apertussolutions.com \
--cc=frediano.ziglio@citrix.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=marmarek@invisiblethingslab.com \
--cc=michal.orzel@amd.com \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=teddy.astie@vates.tech \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.