From: Demi Marie Obenour <demi@invisiblethingslab.com>
To: Ard Biesheuvel <ardb@kernel.org>, Jan Beulich <jbeulich@suse.com>
Cc: Juergen Gross <jgross@suse.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>,
linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH v3] Support ESRT in Xen dom0
Date: Wed, 21 Sep 2022 21:53:47 -0400 [thread overview]
Message-ID: <YyvATLLjX1jTOWGU@itl-email> (raw)
In-Reply-To: <CAMj1kXEJ9d3-8xa7rkczY7ur2zDm9CjqM7u1eEdHHmPG=Oo=xA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2845 bytes --]
On Tue, Sep 20, 2022 at 06:09:49PM +0200, Ard Biesheuvel wrote:
> On Tue, 20 Sept 2022 at 17:54, Jan Beulich <jbeulich@suse.com> wrote:
> >
> > On 20.09.2022 17:36, Ard Biesheuvel wrote:
> > > On Mon, 19 Sept 2022 at 21:33, Demi Marie Obenour
> > > <demi@invisiblethingslab.com> wrote:
> > >>
> > >> fwupd requires access to the EFI System Resource Table (ESRT) to
> > >> discover which firmware can be updated by the OS. Currently, Linux does
> > >> not expose the ESRT when running as a Xen dom0. Therefore, it is not
> > >> possible to use fwupd in a Xen dom0, which is a serious problem for e.g.
> > >> Qubes OS.
> > >>
> > >> Before Xen 4.16, this was not fixable due to hypervisor limitations.
> > >> The UEFI specification requires the ESRT to be in EfiBootServicesData
> > >> memory, which Xen will use for whatever purposes it likes. Therefore,
> > >> Linux cannot safely access the ESRT, as Xen may have overwritten it.
> > >>
> > >> Starting with Xen 4.17, Xen checks if the ESRT is in EfiBootServicesData
> > >> or EfiRuntimeServicesData memory. If the ESRT is in EfiBootServicesData
> > >> memory, Xen allocates some memory of type EfiRuntimeServicesData, copies
> > >> the ESRT to it, and finally replaces the ESRT pointer with a pointer to
> > >> the copy. Since Xen will not clobber EfiRuntimeServicesData memory,
> > >> this ensures that the ESRT can safely be accessed by the OS. It is safe
> > >> to access the ESRT under Xen if, and only if, it is in memory of type
> > >> EfiRuntimeServicesData.
> > >>
> > > TBH I still don't think this is a scalable approach. There are other
> > > configuration tables that may be passed in EFI boot services memory,
> > > and MS especially were pushing back in the UEFI forum on adding table
> > > types that were passed in anything other the EfiBootServicesData.
> >
> > Within Xen we might abstract the approach currently implemented in
> > case more such pieces of data appear.
> >
> > While I can easily believe MS might be advocating for this model,
> > I view it as problematic not only for Xen. How would you pass on
> > this information across kexec, for example, without introducing
> > further producer-consumer dependencies requiring separate protocols
> > to be followed?
> >
>
> In this case, I don't think this is unreasonable for configuration
> tables, which only have a GUID and a base address. If the OS knows the
> GUID, and knows how to interpret the contents, it can decide for
> itself whether or not to preserve it. If it doesn't know the GUID, the
> memory is just treated as available memory [after EBS()]
Should an OS uninstall any configuration tables that it does not
preserve if it ever plans to kexec()? Does Linux do this?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2022-09-22 1:54 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-19 19:32 [PATCH v3] Support ESRT in Xen dom0 Demi Marie Obenour
2022-09-20 15:36 ` Ard Biesheuvel
2022-09-20 15:54 ` Jan Beulich
2022-09-20 16:09 ` Ard Biesheuvel
2022-09-21 20:34 ` Jan Beulich
2022-09-22 1:09 ` Demi Marie Obenour
2022-09-22 6:12 ` Jan Beulich
2022-09-22 14:55 ` Demi Marie Obenour
2022-09-22 15:05 ` Ard Biesheuvel
2022-09-22 18:11 ` Demi Marie Obenour
2022-09-22 22:14 ` Ard Biesheuvel
2022-09-22 23:25 ` Demi Marie Obenour
2022-09-23 6:45 ` Ard Biesheuvel
2022-09-22 1:53 ` Demi Marie Obenour [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YyvATLLjX1jTOWGU@itl-email \
--to=demi@invisiblethingslab.com \
--cc=ardb@kernel.org \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleksandr_tyshchenko@epam.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.