From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Daniel Kiper <daniel.kiper@oracle.com>,
ian.campbell@citrix.com, ross.philipson@citrix.com,
stefano.stabellini@eu.citrix.com, grub-devel@gnu.org,
david.woodhouse@intel.com, richard.l.maliszewski@intel.com,
xen-devel <xen-devel@lists.xenproject.org>,
boris.ostrovsky@oracle.com, pjones@redhat.com,
linux-kernel@vger.kernel.org, keir@xen.org
Subject: Re: EFI and multiboot2 devlopment work for Xen
Date: Mon, 21 Oct 2013 10:23:47 -0400
Message-ID: <20131021142347.GB4211@phenom.dumpdata.com>
In-Reply-To: <52654A0602000078000FC611@nat28.tlf.novell.com>

On Mon, Oct 21, 2013 at 02:36:38PM +0100, Jan Beulich wrote:
> >>> On 21.10.13 at 14:57, Daniel Kiper <daniel.kiper@oracle.com> wrote:
>
> (Looking at the Cc list it's quite interesting that you copied a
> whole lot of people, but not me as the maintainer of the EFI
> bits in Xen.)

I see this:

From: Daniel Kiper <daniel.kiper@oracle.com>
To: boris.ostrovsky@oracle.com, david.woodhouse@intel.com,
    ian.campbell@citrix.com, jbeulich@suse.com, keir@xen.org,

You are on the 'To' instead of the 'CC'. That should make the email
arrive at your mailbox much quicker than through the mailing list?

>
> > Separate multiboot2efi module should be established. It should verify system
> > kernel and all loaded modules using shim on EFI platforms with enabled
> > secure boot
>
> Each involved component verifies only the next image. I.e. the
> shim verifies the Xen image, and Xen verifies the Dom0 kernel
> binary. The Dom0 kernel (assuming it to be Linux) will then be
> responsible for dealing with its initrd. (One open question is how
> Xen ought to deal with an eventual XSM module; I take it that
> the CPUs themselves take care of the microcode blob.) This can't
> be different because the shim provided verification protocol
> assumes that it's being handed a PE image (hence the need for
> Linux to package itself as a fake PE image), and hence can't be
> used for verifying other than the Xen and Dom0 kernel binaries.
>
> > At first I am going to prepare multiboot2 protocol implementation for Xen
> > (there is about 80% of code ready) with above mentioned workaround.
>
> Is that really worthwhile as long as it's not clear whether ...
>
> > Later I am going to work on multiboot2efi module.
>
> ... is going to be accepted?
>
> > What do you think about that?
> > Any comments, suggestions, objections?
>
> The complications here make it pretty clear to me that the
> GrUB2-less solution (or, if GruB2 absolutely has to be involved,
> its chain loading capability) I have been advocating continues
> to be the better (and, as said before, conceptually correct)
> model.

However my understanding is that the general distro approach is
to use GRUB2 and I think we want to follow the mainstream on this.
Which means using GRUB2 and making sense of the myriad of patches
that each distro has.
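
Added example (not part of the original message, and not code from shim, Xen or GRUB2): the point quoted above, that a verification protocol expecting a PE image cannot be handed an initrd or XSM blob, comes down to a container check like the one below. The function names and the sample buffer are constructed for illustration; the check covers structure only, not signature validation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian 32-bit read, safe on unaligned buffers. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Return 1 if buf has the PE container layout a PE-only verifier needs:
 * "MZ" DOS header, e_lfanew at offset 0x3c pointing inside the buffer,
 * and the "PE\0\0" signature there. Return 0 otherwise.
 * This checks structure only; it does not verify any signature.
 */
int looks_like_pe(const uint8_t *buf, size_t len)
{
    uint32_t pe_off;

    if (buf == NULL || len < 0x40)
        return 0;
    if (buf[0] != 'M' || buf[1] != 'Z')
        return 0;
    pe_off = rd32(buf + 0x3c);
    /* Bounds check written to avoid overflow in pe_off + 4. */
    if (pe_off > len - 4)
        return 0;
    return memcmp(buf + pe_off, "PE\0\0", 4) == 0;
}

/* Constructed sample: smallest buffer that passes, PE header at 0x40. */
size_t make_sample_pe(uint8_t *out, size_t cap)
{
    if (cap < 0x44)
        return 0;
    memset(out, 0, 0x44);
    out[0] = 'M'; out[1] = 'Z';
    out[0x3c] = 0x40;
    memcpy(out + 0x40, "PE\0\0", 4);
    return 0x44;
}
```

A blob that is not wrapped as PE, such as a cpio initrd beginning with the ASCII magic `070701`, fails the first comparison, so a component further down the chain has to take responsibility for it.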