* (pv)?grub and PVHv2
From: Marek Marczykowski-Górecki @ 2017-06-02 9:33 UTC
To: xen-devel

Hi,

Is there any method to boot PVHv2 domain using a kernel fetched from
that domain's disk image, _without_ mounting it in dom0? Something like
pvgrub was for PV.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

* Re: (pv)?grub and PVHv2
From: Roger Pau Monné @ 2017-06-02 9:58 UTC
To: Marek Marczykowski-Górecki
Cc: anthony.perard, xen-devel

On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
> Hi,
>
> Is there any method to boot PVHv2 domain using a kernel fetched from
> that domain's disk image, _without_ mounting it in dom0? Something like
> pvgrub was for PV.

Hello,

Anthony (Cced) is working on an OVMF port, so it can be used as
firmware for PVHv2 guests.

I cannot seem to be able to find the original cover-letter of that
patch series, this is the best I could find:

https://lists.01.org/pipermail/edk2-devel/2017-January/006148.html

Anthony will hopefully be able to provide more info on this.

Roger.

* Re: (pv)?grub and PVHv2
From: Anthony PERARD @ 2017-06-02 11:16 UTC
To: Roger Pau Monné
Cc: Marek Marczykowski-Górecki, xen-devel

On Fri, Jun 02, 2017 at 10:58:54AM +0100, Roger Pau Monné wrote:
> On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
> > Hi,
> >
> > Is there any method to boot PVHv2 domain using a kernel fetched from
> > that domain's disk image, _without_ mounting it in dom0? Something like
> > pvgrub was for PV.
>
> Hello,
>
> Anthony (Cced) is working on an OVMF port, so it can be used as
> firmware for PVHv2 guests.
>
> I cannot seem to be able to find the original cover-letter of that
> patch series, this is the best I could find:
>
> https://lists.01.org/pipermail/edk2-devel/2017-January/006148.html

Here for the cover-letter:
https://lists.xenproject.org/archives/html/xen-devel/2016-12/msg00953.html

But that's a UEFI firmware, so I guess the guest would need UEFI support
backed into the disk image.

> Anthony will hopefully be able to provide more info on this.
>
> Roger.

-- 
Anthony PERARD

* Re: (pv)?grub and PVHv2
From: Marek Marczykowski-Górecki @ 2017-06-02 11:22 UTC
To: Anthony PERARD
Cc: xen-devel, Roger Pau Monné

On Fri, Jun 02, 2017 at 12:16:06PM +0100, Anthony PERARD wrote:
> On Fri, Jun 02, 2017 at 10:58:54AM +0100, Roger Pau Monné wrote:
> > On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
> > > Hi,
> > >
> > > Is there any method to boot PVHv2 domain using a kernel fetched from
> > > that domain's disk image, _without_ mounting it in dom0? Something like
> > > pvgrub was for PV.
> >
> > Hello,
> >
> > Anthony (Cced) is working on an OVMF port, so it can be used as
> > firmware for PVHv2 guests.
> >
> > I cannot seem to be able to find the original cover-letter of that
> > patch series, this is the best I could find:
> >
> > https://lists.01.org/pipermail/edk2-devel/2017-January/006148.html
>
> Here for the cover-letter:
> https://lists.xenproject.org/archives/html/xen-devel/2016-12/msg00953.html

Thanks!

> But that's a UEFI firmware, so I guess the guest would need UEFI support
> backed into the disk image.

That's totally ok. I assume it should point at linux.efi, not grub.efi,
right?

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

* Re: (pv)?grub and PVHv2
From: George Dunlap @ 2017-06-05 10:55 UTC
To: Roger Pau Monné
Cc: Anthony Perard, Marek Marczykowski-Górecki, xen-devel

On Fri, Jun 2, 2017 at 10:58 AM, Roger Pau Monné <roger.pau@citrix.com> wrote:
> On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
>> Hi,
>>
>> Is there any method to boot PVHv2 domain using a kernel fetched from
>> that domain's disk image, _without_ mounting it in dom0? Something like
>> pvgrub was for PV.
>
> Hello,
>
> Anthony (Cced) is working on an OVMF port, so it can be used as
> firmware for PVHv2 guests.

I think in theory it shouldn't be too hard to port the pvgrub2 code to
boot into PVH, since it already boots in PV, right?

Is this something we should try to encourage, or do you think it would
be better to route everyone through EFI?

 -George

* Re: (pv)?grub and PVHv2
From: Andrew Cooper @ 2017-06-05 12:08 UTC
To: xen-devel

On 05/06/17 11:55, George Dunlap wrote:
> On Fri, Jun 2, 2017 at 10:58 AM, Roger Pau Monné <roger.pau@citrix.com> wrote:
>> On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
>>> Hi,
>>>
>>> Is there any method to boot PVHv2 domain using a kernel fetched from
>>> that domain's disk image, _without_ mounting it in dom0? Something like
>>> pvgrub was for PV.
>> Hello,
>>
>> Anthony (Cced) is working on an OVMF port, so it can be used as
>> firmware for PVHv2 guests.
> I think in theory it shouldn't be too hard to port the pvgrub2 code to
> boot into PVH, since it already boots in PV, right?
>
> Is this something we should try to encourage, or do you think it would
> be better to route everyone through EFI?

Even a PVH pvgrub still suffers the a priori problem which makes booting
PV guests extremely difficult. You don't know ahead-of-time which
bootloader the guest is using without peering at its disks, which opens
a massive attack surface in dom0.

Using things like EFI allows any compatible OS to function, not just
ones which use grub.

~Andrew

* Re: (pv)?grub and PVHv2
From: George Dunlap @ 2017-06-05 16:56 UTC
To: Andrew Cooper
Cc: xen-devel@lists.xen.org

On Mon, Jun 5, 2017 at 1:08 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
> On 05/06/17 11:55, George Dunlap wrote:
>> On Fri, Jun 2, 2017 at 10:58 AM, Roger Pau Monné <roger.pau@citrix.com> wrote:
>>> On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
>>>> Hi,
>>>>
>>>> Is there any method to boot PVHv2 domain using a kernel fetched from
>>>> that domain's disk image, _without_ mounting it in dom0? Something like
>>>> pvgrub was for PV.
>>> Hello,
>>>
>>> Anthony (Cced) is working on an OVMF port, so it can be used as
>>> firmware for PVHv2 guests.
>> I think in theory it shouldn't be too hard to port the pvgrub2 code to
>> boot into PVH, since it already boots in PV, right?
>>
>> Is this something we should try to encourage, or do you think it would
>> be better to route everyone through EFI?
>
> Even a PVH pvgrub still suffers the a priori problem which makes booting
> PV guests extremely difficult. You don't know ahead-of-time which
> bootloader the guest is using without peering at its disks, which opens
> a massive attack surface in dom0.
>
> Using things like EFI allows any compatible OS to function, not just
> ones which use grub.

I wasn't suggesting loading the grub bootloader off the disk image; I
was suggesting using a fixed pvgrub supplied by the host. That's what
happens for PV guests using pvgrub at the moment.

Using pvgrub allows any grub-compatible OS to function; using EFI
allows any EFI-compatible OS to function. There are many which would
be one but not the other.

(But I suppose, there would not be many that were both PVH compatible
and not EFI compatible.)

 -George

* Re: (pv)?grub and PVHv2
From: Jan Beulich @ 2017-06-06 8:19 UTC
To: Andrew Cooper
Cc: xen-devel

>>> On 05.06.17 at 14:08, <andrew.cooper3@citrix.com> wrote:
> On 05/06/17 11:55, George Dunlap wrote:
>> On Fri, Jun 2, 2017 at 10:58 AM, Roger Pau Monné <roger.pau@citrix.com> wrote:
>>> On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
>>>> Hi,
>>>>
>>>> Is there any method to boot PVHv2 domain using a kernel fetched from
>>>> that domain's disk image, _without_ mounting it in dom0? Something like
>>>> pvgrub was for PV.
>>> Hello,
>>>
>>> Anthony (Cced) is working on an OVMF port, so it can be used as
>>> firmware for PVHv2 guests.
>> I think in theory it shouldn't be too hard to port the pvgrub2 code to
>> boot into PVH, since it already boots in PV, right?
>>
>> Is this something we should try to encourage, or do you think it would
>> be better to route everyone through EFI?
>
> Even a PVH pvgrub still suffers the a priori problem which makes booting
> PV guests extremely difficult. You don't know ahead-of-time which
> bootloader the guest is using without peering at its disks, which opens
> a massive attack surface in dom0.
>
> Using things like EFI allows any compatible OS to function, not just
> ones which use grub.

This is certainly valid to say when considering only 64-bit OSes,
but as soon as you look at a mix of 32- and 64-bit ones there are
complications again resulting from possibly mixed bitness between
EFI and OS.

Jan

* Re: (pv)?grub and PVHv2
From: Marek Marczykowski-Górecki @ 2017-06-05 18:59 UTC
To: George Dunlap
Cc: Anthony Perard, xen-devel, Roger Pau Monné

On Mon, Jun 05, 2017 at 11:55:24AM +0100, George Dunlap wrote:
> On Fri, Jun 2, 2017 at 10:58 AM, Roger Pau Monné <roger.pau@citrix.com> wrote:
> > On Fri, Jun 02, 2017 at 11:33:50AM +0200, Marek Marczykowski-Górecki wrote:
> >> Hi,
> >>
> >> Is there any method to boot PVHv2 domain using a kernel fetched from
> >> that domain's disk image, _without_ mounting it in dom0? Something like
> >> pvgrub was for PV.
> >
> > Hello,
> >
> > Anthony (Cced) is working on an OVMF port, so it can be used as
> > firmware for PVHv2 guests.
>
> I think in theory it shouldn't be too hard to port the pvgrub2 code to
> boot into PVH, since it already boots in PV, right?
>
> Is this something we should try to encourage, or do you think it would
> be better to route everyone through EFI?

For Qubes OS I think EFI is good enough here. Any system supporting
PVHv2 also supports EFI (right?), so it shouldn't limit anything.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab