On Tue, Feb 28, 2017 at 07:09:14PM +, Andrew Cooper wrote:
> On 28/02/17 19:01, Daniel Kiper wrote:
> > On Tue, Feb 28, 2017 at 05:58:26PM +, Andrew Cooper wrote:
> >> On 28/02/17 17:41, Daniel Kiper wrote:
> >>> On Tue, Feb 28, 2017 at 04:08:35PM +, And
On Thu, Mar 02, 2017 at 10:42:57AM +, Andrew Cooper wrote:
> On 02/03/17 10:41, Daniel Kiper wrote:
> > On Wed, Mar 01, 2017 at 11:53:52PM +, osstest service owner wrote:
> >> branch xen-unstable
> >> xenbranch xen-unstable
> >> job test-amd64-i386-
On Fri, Apr 14, 2017 at 04:17:54PM +0100, Andrew Cooper wrote:
> On 14/04/2017 15:54, Daniel Kiper wrote:
> > Hey,
> >
> > Has anybody tried to run EFI + tboot + Xen?
> > I have a feeling that it does not work because
> > tboot shuts down EFI boot servic
This is based on git://git.savannah.gnu.org/grub.git phcoder/verifiers branch.
Just an RFC.
TODO:
- disable the GRUB2 modules load/unload,
- disable the dangerous modules, e.g. iorw, memrw.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
grub-core/Makefile.core.def
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
xen/arch/x86/boot/head.S| 20 ++--
xen/arch/x86/efi/efi-boot.h | 12 +++-
xen/arch/x86/efi/stub.c |5 -
3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/xen/arch/x86/boot/he
..which verifies PE signatures with SHIM_LOCK protocol. We want
to re-use this code in subsequent patch in efi_multiboot2().
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
xen/common/efi/boot.c | 19 +--
1 file changed, 13 insertions(+), 6 deletions(-)
diff
by crash tool,
- simpler code,
- simpler build,
- Xen build will no longer depend on ld i386pep support.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
xen/arch/x86/Rules.mk|2 +
xen/arch/x86/boot/head.S | 145 ++
xen/ar
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
xen/arch/x86/Makefile |1 +
1 file changed, 1 insertion(+)
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 93ead6e..e09f5f4 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -95,6 +95,7 @@ sym
MULTIBOOT2_HEADER_TAG_ENTRY_ADDRESS and
MULTIBOOT2_HEADER_TAG_ENTRY_ADDRESS_EFI64 tags close to each other.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
xen/arch/x86/boot/head.S | 19 +++
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x8
/include/xen/compile.h.in |1 +
9 files changed, 245 insertions(+), 22 deletions(-)
Daniel Kiper (7):
xen: Introduce XEN_COMPILE_POSIX_TIME
xen/x86: Manually build PE header
xen/x86: Add some addresses to the Multiboot header
xen/x86: Add some addresses to the Multiboot2
In comparison to ELF the PE format is not supported by the Multiboot
protocol. So, if we wish to load xen.efi using this protocol we have
to put header_addr, load_addr, load_end_addr, bss_end_addr and
entry_addr data into Multiboot header.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.
We need the POSIX time to properly fill the TimeDateStamp field in the PE
header.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
xen/Makefile | 14 --
xen/include/xen/compile.h.in |1 +
2 files changed, 9 insertions(+), 6 deletions(-)
diff
==
>
> * Per-cpu tasklet
> - XEN-28
> - Konrad Rzeszutek Wilk
>
> * Add support of rcu_idle_{enter,exit}
> - XEN-27
> - Dario Faggioli
>
> === x86 ===
Could you add the following project to the list?
* Change xen.efi build and add SHIM_LOCK verific
On Thu, Jul 20, 2017 at 11:16:39AM +0200, Greg Kroah-Hartman wrote:
> On Thu, Jul 20, 2017 at 10:39:10AM +0200, Ingo Molnar wrote:
> >
> > * Daniel Kiper <daniel.ki...@oracle.com> wrote:
> >
> > > Hey Greg,
> > >
> > > On Wed, Jul
On Wed, Jul 19, 2017 at 01:12:14PM +0200, Greg Kroah-Hartman wrote:
> On Wed, Jul 19, 2017 at 12:37:47PM +0200, Daniel Kiper wrote:
> > Hey Greg,
> >
> > On Wed, Jul 19, 2017 at 11:43:32AM +0200, Greg Kroah-Hartman wrote:
> > > 4.12-stable review patch. If anyone has
On Wed, Jul 19, 2017 at 01:19:58PM +0200, Greg Kroah-Hartman wrote:
> On Wed, Jul 19, 2017 at 01:12:14PM +0200, Greg Kroah-Hartman wrote:
> > On Wed, Jul 19, 2017 at 12:37:47PM +0200, Daniel Kiper wrote:
> > > Hey Greg,
> > >
> > > On Wed, Jul 19, 2017 at 11:43:
Hey Greg,
On Wed, Jul 19, 2017 at 11:43:32AM +0200, Greg Kroah-Hartman wrote:
> 4.12-stable review patch. If anyone has any objections, please let me know.
Why did you skip this patch for 4.11? IMO it should be applied there too.
Daniel
___
On Mon, Jul 03, 2017 at 11:37:29AM +0100, Lars Kurth wrote:
> Folks, (committers and speakers/moderators CC'ed)
>
> I have a few extra sessions from Jan which came in today. Most of Tuesday
> in x86 stuff, so there is no space. I merged one of my session with a proposal
> from Jan, but it seems to
On Wed, Jul 05, 2017 at 10:27:19AM -0700, PGNet Dev wrote:
> On 7/5/17 12:58 AM, Jan Beulich wrote:
> >So there are two problems here: One is the fact that the kernel
> >really should put an Invalid Opcode exception handler in place
> >before intentionally raising any such exceptions (which WARN()
On Tue, Jul 04, 2017 at 09:01:27AM +0100, Roger Pau Monne wrote:
> On Mon, Jul 03, 2017 at 11:37:29AM +0100, Lars Kurth wrote:
> > Folks, (committers and speakers/moderators CC'ed)
> >
> > I have a few extra sessions from Jan which came in today. Most of Tuesday
> > in x86 stuff, so there is no
Hey,
CC-ing Xen-devel to spread some knowledge about the issue.
On Mon, May 15, 2017 at 10:42:23AM +0100, George Dunlap wrote:
> On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac)
> wrote:
> > Hi all
> >
> > I gather that with 4.9, UEFI secure boot of Xen should be
Hi Julien,
On Mon, May 15, 2017 at 02:43:28PM +0100, Julien Grall wrote:
> Hi Daniel,
>
> On 15/05/17 14:38, Daniel Kiper wrote:
> >On Sun, May 14, 2017 at 03:43:44PM +0800, fu@linaro.org wrote:
> >>From: Fu Wei <fu@linaro.org>
> >>
> >
On Sun, May 14, 2017 at 03:43:44PM +0800, fu@linaro.org wrote:
> From: Fu Wei
>
> This patchset add xen_boot support into grub-mkconfig for
> generating xen boot entrances automatically
>
> Also update the docs/grub.texi for new xen_boot commands.
LGTM, if there are no
On Mon, May 15, 2017 at 07:09:54PM +, Bill Jacobs (billjac) wrote:
> > -Original Message-
> > From: Daniel Kiper [mailto:daniel.ki...@oracle.com]
> > Sent: Monday, May 15, 2017 6:13 AM
> > To: Bill Jacobs (billjac) <bill...@cisco.com>; george.dun..
On Wed, Jun 21, 2017 at 11:24:06AM +0200, Ingo Molnar wrote:
>
> * Daniel Kiper <daniel.ki...@oracle.com> wrote:
>
> > -static const struct efi efi_xen __initconst = {
> > - .systab = NULL, /* Initialized later. */
> > - .runtime_version
On Wed, Jun 21, 2017 at 09:10:51AM +0100, Andrew Cooper wrote:
> On 20/06/2017 21:14, Daniel Kiper wrote:
> > Current approach, wholesale efi struct initialization from efi_xen, is not
> > good. Usually if new member is defined then it is properly initialized in
> > drive
insertions(+), 34 deletions(-)
Daniel Kiper (2):
efi: Process MEMATTR table only if EFI_MEMMAP
x86/xen/efi: Init only efi struct members used by Xen
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
Otherwise e.g. Xen dom0 on x86_64 EFI platforms crashes.
In theory we can check EFI_PARAVIRT too, however,
EFI_MEMMAP looks more generic and covers more cases.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
drivers/firmware/efi/efi.c |3 ++-
1 file changed, 2 insertions
used by
Xen to avoid such issues in the future.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
---
arch/x86/xen/efi.c | 45 -
1 file changed, 12 insertions(+), 33 deletions(-)
diff --git a/arch/x86/xen/efi.c b/arch/x86/xen/efi.c
index 3
-
drivers/firmware/efi/efi.c |3 ++-
2 files changed, 14 insertions(+), 34 deletions(-)
Daniel Kiper (2):
efi: Process MEMATTR table only if EFI_MEMMAP
x86/xen/efi: Init only efi struct members used by Xen
___
Xen-devel
Otherwise e.g. Xen dom0 on x86_64 EFI platforms crashes.
In theory we can check EFI_PARAVIRT too, however,
EFI_MEMMAP looks more generic and covers more cases.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
Reviewed-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
drivers/
used by
Xen to avoid such issues in the future.
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
Acked-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
--
Align assignments to increase readability. Suggested by Ingo Molnar.
---
arch/x86/xen/
translated again.
> > * Endless loop starts from here.
> > */
> > xen_m2p(machine=0x581b7e000)
> > __xen_m2p(machine=0x581b7e000, mfn=0x581b7e)
> > readmem(addr=0xc91f5000)
> >
> > Fortunately, PV domU p2m mapping is also stored at xd->xfd +
> > xc
On Mon, May 15, 2017 at 03:46:55PM +0200, Daniel Kiper wrote:
> Hi Julien,
>
> On Mon, May 15, 2017 at 02:43:28PM +0100, Julien Grall wrote:
> > Hi Daniel,
> >
> > On 15/05/17 14:38, Daniel Kiper wrote:
> > >On Sun, May 14, 2017 at 03:43:44PM +0800, fu@lina
per <andrew.coop...@citrix.com>
> Tested-by: Sergey Dyasli <sergey.dya...@citrix.com>
> ---
> CC: Jan Beulich <jbeul...@suse.com>
> CC: Julien Grall <julien.gr...@arm.com>
> CC: Daniel Kiper <daniel.ki...@oracle.com>
> CC: Doug Goldstein <car...@cardoe
her than limiting to an arbitrary 1k. One side effect is that the
> MB2/EFI path continues to use the EFI stack until the trampoline is entered.
>
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> Tested-by: Sergey Dyasli <sergey.dya...@citrix.com>
Reviewed-by: Dan
Hey,
On Tue, May 02, 2017 at 03:06:24PM +0800, fu@linaro.org wrote:
> From: Fu Wei
>
> This patchset add xen_boot support into grup-mkconfig for
> generating xen boot entrances automatically
>
> Also update the docs/grub.texi for new xen_boot commands.
Slowly recovering
On Mon, Sep 18, 2017 at 11:24:15AM -0400, Tamas K Lengyel wrote:
> On Tue, Sep 5, 2017 at 12:26 PM, Tamas K Lengyel
> <tamas.k.leng...@gmail.com> wrote:
> > On Mon, Sep 4, 2017 at 6:40 AM, Daniel Kiper <daniel.ki...@oracle.com>
> > wrote:
> >> On Wed, Au
On Fri, Sep 22, 2017 at 02:25:46AM -0600, Jan Beulich wrote:
> >>> On 22.09.17 at 00:46, wrote:
> > One piece that I see still missing is the Xen command line parameters
> > not being verified. It would be ideal to have the option to get that
> > set during compile time as
On Wed, Sep 20, 2017 at 09:59:51AM -0600, Tamas K Lengyel wrote:
> On Wed, Sep 20, 2017 at 9:46 AM, Jan Beulich wrote:
> On 20.09.17 at 17:20, wrote:
> >> On Wed, Sep 20, 2017 at 12:30 AM, Jan Beulich wrote:
> >> On 20.09.17 at
On Thu, Oct 12, 2017 at 03:50:06PM -0500, Doug Goldstein wrote:
> From: David Esler
>
> In 9180f5365524 a change was made to the send_chr function to take in
> C-strings and print out a character at a time until a NULL was
> encountered. However there is no code to
just send it over the serial UART anymore so rename
> > it to print_err so that its closer in name to what it does.
> >
> > Reviewed-by: Doug Goldstein <car...@cardoe.com>
> > Signed-off-by: David Esler <drumandst...@gmail.com>
>
> Reviewed-by: Andrew Cooper <
On Thu, Oct 12, 2017 at 05:03:13PM +, Bill Jacobs (billjac) wrote:
> Hi
> What is the status of creating a shim to abstract secure boot
> signing for Xen (to leverage MSFT 3rd party, e.g)?
xen.efi works with shim itself out of the box. If you wish
to use shim and GRUB2 to load Xen you have to
On Mon, Aug 28, 2017 at 02:40:15PM -0400, Konrad Rzeszutek Wilk wrote:
> The multiboot2 is much more preferable than multiboot. Especiall
> if booting under EFI where multiboot does not have the functionality
> to pass ImageHandler.
>
> Signed-off-by: Konrad Rzeszutek Wilk
Hey Tamas,
Sorry for late reply. I was on vacation.
On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.ki...@oracle.com> wrote:
[...]
> > UEFI will verify shim secure boot signature then shim will verify GRUB
On Mon, Aug 28, 2017 at 02:42:18PM -0400, Konrad Rzeszutek Wilk wrote:
> On Mon, Aug 28, 2017 at 02:40:14PM -0400, Konrad Rzeszutek Wilk wrote:
> > Commit d33045ce7ffcb7c1e4a60c14d5ca64b36e3c5abe introduced
> > the support for this, but it does not work under x86 (as it stops
> > 20_linux_xen from
On Tue, Aug 29, 2017 at 04:40:51PM -0400, Konrad Rzeszutek Wilk wrote:
> Since v1 [http://lists.gnu.org/archive/html/grub-devel/2017-08/msg00073.html]
> - Fixed up patch with failing invocation,
> - Redid patch #2 per Daniel's instructions.
>
>
> Hey,
>
> The first patch:
> [PATCH 1/2] Fix
Hey,
Some people asked me about Multiboot2 Specification and other GRUB doc stuff.
So, I have put latest things at
https://www.gnu.org/software/grub/grub-documentation.html
I hope that helps. If you have any questions please drop me a line.
Thanks,
Daniel
On Wed, Aug 30, 2017 at 12:26:28PM +0200, Daniel Kiper wrote:
> On Tue, Aug 29, 2017 at 04:40:51PM -0400, Konrad Rzeszutek Wilk wrote:
> > Since v1
> > [http://lists.gnu.org/archive/html/grub-devel/2017-08/msg00073.html]
> > - Fixed up patch with failing invocation,
>
Hi Tamas,
On Tue, Sep 12, 2017 at 05:40:35PM -0600, Tamas K Lengyel wrote:
> Hi all,
> for the last couple weeks I've been poking around the options
> available to get Xen booted on a Secureboot enabled box. My goal is to
> extend the chain of trust to the dom0 kernel. According to
>
On Wed, Aug 30, 2017 at 10:16:23AM -0600, Tamas K Lengyel wrote:
> On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.ki...@oracle.com> wrote:
> > Hey Tamas,
> >
> > Sorry for late reply. I was on vacation.
> >
> > On Tue, Aug 22, 2017 at 09:01:06PM -0
by: David Esler <drumandst...@gmail.com>
In general Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
Though please take into account Jan's request WRT to commit
message. Or I am OK with Jan's changes before committing.
Daniel
___
Xen-deve
rr so that its closer in name to what it does.
>
> Reviewed-by: Doug Goldstein <car...@cardoe.com>
Ditto.
> Signed-off-by: David Esler <drumandst...@gmail.com>
Anyway, Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
Daniel
On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote:
> The EFI multiboot2 entry point currently requires EFI BootServices to
> not have been exited however the header currently tells the boot
> loader that Xen optionally supports EFI BootServices having been exited.
> With this change
On Tue, Oct 24, 2017 at 03:28:52PM -0500, Doug Goldstein wrote:
> On 10/24/17 3:08 PM, Daniel Kiper wrote:
> > On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote:
> >> The EFI multiboot2 entry point currently requires EFI BootServices to
> >> not have bee
On Tue, Oct 24, 2017 at 10:40:26PM +0100, Andrew Cooper wrote:
> On 24/10/2017 22:11, Daniel Kiper wrote:
> > On Tue, Oct 24, 2017 at 09:22:20PM +0100, Andrew Cooper wrote:
> >> On 24/10/17 21:08, Daniel Kiper wrote:
> >>> On Tue, Oct 24, 2017 at 02:40:41
On Tue, Oct 24, 2017 at 09:22:20PM +0100, Andrew Cooper wrote:
> On 24/10/17 21:08, Daniel Kiper wrote:
> > On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote:
> >> The EFI multiboot2 entry point currently requires EFI BootServices to
> >> not have bee
On Tue, Oct 24, 2017 at 03:49:10PM -0500, Doug Goldstein wrote:
> On 10/24/17 3:22 PM, Andrew Cooper wrote:
> > On 24/10/17 21:08, Daniel Kiper wrote:
> >> On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote:
> >>> The EFI multiboot2 entry point curre
801 - 858 of 858 matches
Mail list logo