From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1W5bcf-0000gF-5z for mharc-grub-devel@gnu.org; Tue, 21 Jan 2014 08:44:09 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34257) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W5bcb-0000f9-Kl for grub-devel@gnu.org; Tue, 21 Jan 2014 08:44:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1W5bcW-0005aE-Rg for grub-devel@gnu.org; Tue, 21 Jan 2014 08:44:05 -0500 Received: from v6.chiark.greenend.org.uk ([2001:ba8:1e3::]:43421 helo=chiark.greenend.org.uk) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W5bcW-0005Zw-Mg for grub-devel@gnu.org; Tue, 21 Jan 2014 08:44:00 -0500 Received: from [172.20.153.9] (helo=riva.pelham.vpn.ucam.org) by chiark.greenend.org.uk (Debian Exim 4.72 #1) with esmtps (return-path cjwatson@ubuntu.com) id 1W5bcV-0005l2-58 for grub-devel@gnu.org; Tue, 21 Jan 2014 13:43:59 +0000 Received: from ns1.pelham.vpn.ucam.org ([172.20.153.2] helo=riva.ucam.org) by riva.pelham.vpn.ucam.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1W5bcU-00031t-Cw for grub-devel@gnu.org; Tue, 21 Jan 2014 13:43:58 +0000 Date: Tue, 21 Jan 2014 13:43:57 +0000 From: Colin Watson To: grub-devel@gnu.org Subject: Re: [PATCH] Add linuxefi module Message-ID: <20140121134357.GA11502@riva.ucam.org> References: <1390260488-18091-1-git-send-email-lkundrak@v3.sk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:ba8:1e3:: X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2014 13:44:07 -0000 On Mon, Jan 20, 2014 at 08:46:48PM -0500, SevenBits wrote: > On Monday, January 20, 2014, Lubomir Rintel wrote: > > From: Matthew Garrett > > > > This adds linuxefi module that provides a way to load Linux kernel > > and RAM disk image via EFI services with linuxefi and initrdefi > > commands, analogous to linux and initrd commands. > > Why? What's wrong with the standard linux and initrd commands? They work > just fine under UEFI. The background to this is that if conditions permit it's helpful to hand over to the kernel without calling ExitBootServices first, because it allows the kernel to do more of its own quirks handling. If shim is present then it's used for signature verification first, since UEFI Secure Boot forbids executing unsigned code before ExitBootServices; although this patch is configured such that if shim is missing then no signature check is performed (which is probably reasonable for upstreaming). We're carrying this patch in Debian/Ubuntu too, although I had to disable it on i386_efi - I think it failed tests there. It's a while since I checked, and that patch might be obsolete now. I also have an additional fairly trivial patch to add more debugging printfs to linuxefi, which I could apply if this is accepted. I would be inclined to say that linuxefi should be essentially an internal implementation detail, and that linux should forward to linuxefi if appropriate. I was never a particular fan of Matthew's approach of adding an entirely new set of commands for it, and we don't expose those in the configuration we generate in the Debian/Ubuntu packaging. -- Colin Watson [cjwatson@ubuntu.com]