From: George Dunlap <dunlapg@umich.edu>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: (pv)?grub and PVHv2
Date: Mon, 5 Jun 2017 17:56:21 +0100
Message-ID: <CAFLBxZbp9q-uKh8P+pkx2siuzHSGV8N_HzB07aWb9WeWWsc11g@mail.gmail.com>
In-Reply-To: <15b77c51-7788-ee32-eb74-9c7a3c2e0692@citrix.com>

On Mon, Jun 5, 2017 at 1:08 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
> On 05/06/17 11:55, George Dunlap wrote:
>> On Fri, Jun 2, 2017 at 10:58 AM, Roger Pau Monné <roger.pau@citrix.com> wrote:
>>> On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
>>>> Hi,
>>>>
>>>> Is there any method to boot PVHv2 domain using a kernel fetched from
>>>> that domain's disk image, _without_ mounting it in dom0? Something like
>>>> pvgrub was for PV.
>>> Hello,
>>>
>>> Anthony (Cced) is working on an OVMF port, so it can be used as
>>> firmware for PVHv2 guests.
>> I think in theory it shouldn't be too hard to port the pvgrub2 code to
>> boot into PVH, since it already boots in PV, right?
>>
>> Is this something we should try to encourage, or do you think it would
>> be better to route everyone through EFI?
>
> Even a PVH pvgrub still suffers the a priori problem which makes booting
> PV guests extremely difficult. You don't know ahead-of-time which
> bootloader the guest is using without peering at its disks, which opens
> a massive attack surface in dom0.
>
> Using things like EFI allows any compatible OS to function, not just
> ones which use grub.

I wasn't suggesting loading the grub bootloader off the disk image; I
was suggesting using a fixed pvgrub supplied by the host. That's what
happens for PV guests using pvgrub at the moment.

Using pvgrub allows any grub-compatible OS to function; using EFI
allows any EFI-compatible OS to function. There are many which would
be one but not the other. (But I suppose, there would not be many
that were both PVH compatible and not EFI compatible.)

-George