From mboxrd@z Thu Jan 1 00:00:00 1970
From: George Dunlap
Subject: Re: Xen 4.3 development update, and stock-taking
Date: Thu, 17 Jan 2013 13:58:16 +0000
Message-ID: <50F80378.4070105@eu.citrix.com>
References: <50F7CDBF02000078000B6A95@nat28.tlf.novell.com> <50F7DCA2.1070405@eu.citrix.com> <50F801F102000078000B6CEE@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
In-Reply-To: <50F801F102000078000B6CEE@nat28.tlf.novell.com>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich
Cc: Konrad Rzeszutek Wilk, "xen-devel@lists.xen.org"
List-Id: xen-devel@lists.xenproject.org

On 17/01/13 12:51, Jan Beulich wrote:
>> On 17/01/13 09:09, Jan Beulich wrote:
>>> But of course pv-ops Linux continues to lack EFI support altogether.
>> OK, so I think the description needs an update, then. For Xen to be
>> fully featured, I think it would need all of the following:
>> * An EFI-bootable dom0 (this should be done, right?)
> "Done" in the sense of todo for pvops (our kernels have been able
> to for quite a long while).

Just to be clear here: are you saying that there is no way to boot Xen directly from EFI with a pvops kernel? If so, that seems like a pretty big deal to me...

>
>> * dom0 able to make use of EFI run-time services
> Indirectly, through hypercalls.

Naturally. :-)

>
>> * Xen able to use EFI boot-time services (?)
> Sure, that's how things work. Otherwise we wouldn't boot at
> all from EFI. The one extra thing that some people had asked
> for was to be able to also properly boot Xen via grub.efi.

Doesn't this already work?

>
>> * Xen able to detect the existence of a signed Linux binary, and leave
>> EFI boot-time services enabled for dom0 to use when appropriate
> No. We can't leave boot services enabled, and we also don't
> need to. The model is that only the Dom0 kernel binary needs
> validation at the boot loader level. Everything else will be
> done in the kernel (including initrd validation, or really the
> parts of it that need validation).

As I understood it, the Ubuntu bootloader will not require an image to be signed to boot. Nonetheless, Ubuntu are still signing their kernel images, because they want the kernel to be able to play some fancy tricks for which they need boot-time services. (I think this is something to do with making it easy to upload your own keys.) Full EFI functionality for Xen would include the ability to do this as well.

-George