xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Daniel Kiper <daniel.kiper@oracle.com>
To: xen-devel@lists.xenproject.org
Cc: sstabellini@kernel.org, wei.liu2@citrix.com,
	george.dunlap@eu.citrix.com, andrew.cooper3@citrix.com,
	ian.jackson@eu.citrix.com, tim@xen.org, julien.grall@arm.com,
	jbeulich@suse.com, tamas.k.lengyel@gmail.com
Subject: [PATCH v2 0/8] Change xen.efi build and add SHIM_LOCK verification into efi_multiboot2()
Date: Tue, 19 Jun 2018 16:35:38 +0200	[thread overview]
Message-ID: <1529418946-30114-1-git-send-email-daniel.kiper@oracle.com> (raw)

Hey,

As in subject... This way we get:
  - one binary which can be loaded by the UEFI loader, Multiboot and
    Multiboot2 protocols,
  - UEFI secure boot support when Xen is loaded via Multiboot2 protocol,
  - if we wish, in the future we can drop xen/xen.gz and build
    xen.efi only,
  - crash dumps generated by the xen.efi loaded from the EFI loader
    can be analyzed by crash tool,
  - simpler code,
  - simpler build,
  - Xen build will no longer depend on ld i386pep support.

This patch series functionality does not depend on any GRUB2 changes.
So, review can commence without any obstacles. Though the GRUB2 have
to be changed to provide full verification chain. This will be
discussed in separate thread.

Daniel

 xen/Makefile                    |   26 +++---
 xen/arch/arm/efi/efi-boot.h     |    4 -
 xen/arch/x86/Makefile           |   88 +-------------------
 xen/arch/x86/Rules.mk           |    2 +
 xen/arch/x86/boot/head.S        |  205 +++++++++++++++++++++++++++++++++++++++++++--
 xen/arch/x86/efi/Makefile       |   17 +---
 xen/arch/x86/efi/buildid.ihex   |    3 -
 xen/arch/x86/efi/check.c        |    4 -
 xen/arch/x86/efi/efi-boot.h     |   84 ++++---------------
 xen/arch/x86/efi/mkreloc.c      |  384 ------------------------------------------------------------------------------------
 xen/arch/x86/efi/relocs-dummy.S |   11 ---
 xen/arch/x86/efi/stub.c         |   83 ------------------
 xen/arch/x86/xen.lds.S          |   95 ++++++---------------
 xen/common/efi/boot.c           |   21 +++--
 xen/common/version.c            |   51 ------------
 xen/include/xen/compile.h.in    |    1 +
 16 files changed, 277 insertions(+), 802 deletions(-)

Daniel Kiper (8):
      xen: calculate XEN_BUILD_TIME using XEN_BUILD_DATE value
      xen: introduce XEN_COMPILE_POSIX_TIME
      xen/x86: manually build xen.mb.efi binary
      xen/x86: add some addresses to the Multiboot header
      xen/x86: add some addresses to the Multiboot2 header
      efi: split out efi_shim_lock()
      xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2()
      efi: drop original xen.efi code and build mechanism


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

             reply	other threads:[~2018-06-19 14:36 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-19 14:35 Daniel Kiper [this message]
2018-06-19 14:35 ` [PATCH v2 1/8] xen: calculate XEN_BUILD_TIME using XEN_BUILD_DATE value Daniel Kiper
2018-06-25 13:48   ` Jan Beulich
2018-07-04 12:06     ` Daniel Kiper
2018-07-04 13:58       ` Ian Jackson
2018-07-04 14:39         ` Daniel Kiper
2018-07-04 15:41           ` Ian Jackson
2018-07-04 15:51             ` Roger Pau Monné
2018-07-04 16:07             ` Daniel Kiper
2018-07-04 16:30               ` Ian Jackson
2018-07-04 16:55                 ` Daniel Kiper
2018-06-19 14:35 ` [PATCH v2 2/8] xen: introduce XEN_COMPILE_POSIX_TIME Daniel Kiper
2018-06-25 13:54   ` Jan Beulich
2018-06-25 14:00     ` Andrew Cooper
2018-07-04 12:19       ` Daniel Kiper
2018-06-19 14:35 ` [PATCH v2 3/8] xen/x86: manually build xen.mb.efi binary Daniel Kiper
2018-06-25 15:36   ` Jan Beulich
2018-07-04 14:01     ` Daniel Kiper
2018-07-04 15:27       ` Jan Beulich
2018-07-04 16:35         ` Daniel Kiper
2018-07-05  8:18           ` Jan Beulich
2018-07-06 14:02             ` Daniel Kiper
2018-07-06 15:08               ` Jan Beulich
2018-07-10 10:48                 ` Daniel Kiper
2018-07-10 13:54                   ` Jan Beulich
2018-07-11 11:41                     ` Daniel Kiper
     [not found]                       ` <5B45ECF8020000FA04BD1FEB@prv1-mh.provo.novell.com>
2018-07-11 12:26                         ` Jan Beulich
2018-07-12 10:52                           ` Daniel Kiper
     [not found]                             ` <5B4733110200007F03CC3F14@prv1-mh.provo.novell.com>
2018-07-12 11:50                               ` Jan Beulich
2018-06-19 14:35 ` [PATCH v2 4/8] xen/x86: add some addresses to the Multiboot header Daniel Kiper
2018-06-28 13:41   ` Jan Beulich
2018-06-19 14:35 ` [PATCH v2 5/8] xen/x86: add some addresses to the Multiboot2 header Daniel Kiper
2018-06-28 13:42   ` Jan Beulich
2018-06-19 14:35 ` [PATCH v2 6/8] efi: split out efi_shim_lock() Daniel Kiper
2018-06-28 13:43   ` Jan Beulich
2018-06-19 14:35 ` [PATCH v2 7/8] xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2() Daniel Kiper
2018-06-28 13:48   ` Jan Beulich
2018-06-19 14:35 ` [PATCH v2 8/8] efi: drop original xen.efi code and build mechanism Daniel Kiper
2018-06-28 13:51   ` Jan Beulich
2018-07-04 14:25     ` Daniel Kiper
2018-07-04 15:34       ` Jan Beulich
2018-07-04 16:48         ` Daniel Kiper
2018-07-05  8:35           ` Jan Beulich
2018-07-06 14:46             ` Daniel Kiper
2018-07-06 15:16               ` Jan Beulich
2018-07-10 11:35                 ` Daniel Kiper
2018-07-10 14:05                   ` Jan Beulich
2018-07-11 11:57                     ` Daniel Kiper
     [not found]                       ` <5B45F0CD0200007F03CB4495@prv1-mh.provo.novell.com>
2018-07-11 12:33                         ` Jan Beulich
2018-07-12 10:57                           ` Daniel Kiper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1529418946-30114-1-git-send-email-daniel.kiper@oracle.com \
    --to=daniel.kiper@oracle.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=george.dunlap@eu.citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=julien.grall@arm.com \
    --cc=sstabellini@kernel.org \
    --cc=tamas.k.lengyel@gmail.com \
    --cc=tim@xen.org \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).