Message-ID: <5270EF9F.4040906@gmail.com>
Date: Wed, 30 Oct 2013 12:38:07 +0100
From: Vladimir 'φ-coder/phcoder' Serbinenko
To: Daniel Kiper
Cc: The development of GNU GRUB, keir@xen.org, david.woodhouse@intel.com, stefano.stabellini@eu.citrix.com, arvidjaar@gmail.com, mchang.novell@gmail.com, linux-kernel@vger.kernel.org, mjg59@srcf.ucam.org, ross.philipson@citrix.com, mchang@suse.com, shidokht.yadegari@oracle.com, seth.goldberg@oracle.com, Jan Beulich, neal.pollack@oracle.com, boris.ostrovsky@oracle.com, xen-devel@lists.xen.org, richard.l.maliszewski@intel.com, ian.campbell@citrix.com
Subject: Re: Is: Wrap-up Was: Re: EFI and multiboot2 devlopment work for Xen
List-Id: The development of GNU GRUB

On 30.10.2013 12:19, Daniel Kiper wrote:
> Hi,
> multiboot2 protocol requires some more changes. However, about 80% of code
> is ready. In this case Xen and modules are loaded by GRUB2 itself. It means
> that all images could be placed on any filesystem recognized by GRUB2. Options
> for Xen and modules are passed separately which simplifies command line editing
> in boot loader and parsing. multiboot2 protocol is very flexible and could be
> easily extended in the future if a need arises. Support for secure boot and
> shim loader could be added. However, it was not implemented yet. Probably
> linuxefi module could be used as a reference or even as a base for development.
> However, I do not know are there plans to support such solution by GRUB2
> community. Currently, support for native PE images signatures and GPG signatures
> is under development for GRUB2 upstream.
>

GPG signatures are supported already.
My plan is as follows:
- Implement PE signatures upstream.
- Uplift as much of secureboot to upstream as policy permits. I would
  like to be in partnership over this with some distro people so that
  they can carry the remaining part (unless FSF allows secureboot per
  policy)

> There is still open question that ExitBootServices() should be called by GRUB2
> loader or by loaded image itself on EFI platform. UEFI spec 2.4 states in many
> places that it is "OS loader" or "Operating System" responsibility. However,
> I think that "OS loader" should be understood as a integral piece of "Operating
> System" responsible for its load into memory without usage of any additional
> loader like GRUB2.

"Operating system" isn't just the kernel. Everything you get in a base
install is "Operating system", including i.a. shell or bootloader.
However, this is the kind of decision that couldn't be taken based on
spec alone. The bugs in real-world EFI implementations play more of a
role in design solutions than the EFI specification.

> There is also third solution for issues with ExitBootServices(). In case
> of multiboot2 protocol OS could request that EFI should be left as is.
> Solution was proposed by Vladimir and I think that it makes sense.

I will write the specification draft for it then, but probably not today.

> However,
> this does not solve problem with ExitBootServices() in case of other
> boot loaders/protocols.

multiboot2 was designed in a way not to be limited to GRUB2. It can be
added to other bootloaders as well.

> So we should take a decision accordingly to above
> considerations in regards to linux, chainloader and similar stuff.
>
> Daniel
>