projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4dced5d) | patch
efi: Enable booting unified hypervisor/kernel/initrd images
authorTrammell Hudson <hudson@trmm.net>
Fri, 2 Oct 2020 11:18:21 +0000 (07:18 -0400)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 9 Oct 2020 16:20:11 +0000 (17:20 +0100)
commit8a71d50ed40bfa78c37722dc11995ac2563662c3
tree2961647a0eda7fceb50ac75b162b1425967eb74ftree | snapshot
parent4dced5df761e36fa2561f6f0f6563b3580d95e7fcommit | diff
efi: Enable booting unified hypervisor/kernel/initrd images

This patch adds support for bundling the xen.efi hypervisor, the xen.cfg
configuration file, the Linux kernel and initrd, as well as the XSM,
and architectural specific files into a single "unified" EFI executable.
This allows an administrator to update the components independently
without requiring rebuilding xen, as well as to replace the components
in an existing image.

The resulting EFI executable can be invoked directly from the UEFI Boot
Manager, removing the need to use a separate loader like grub as well
as removing dependencies on local filesystem access.  And since it is
a single file, it can be signed and validated by UEFI Secure Boot without
requring the shim protocol.

It is inspired by systemd-boot's unified kernel technique and borrows the
function to locate PE sections from systemd's LGPL'ed code.  During EFI
boot, Xen looks at its own loaded image to locate the PE sections for
the Xen configuration (`.config`), dom0 kernel (`.kernel`), dom0 initrd
(`.ramdisk`), and XSM config (`.xsm`), which are included after building
xen.efi using objcopy to add named sections for each input file.

For x86, the CPU ucode can be included in a section named `.ucode`,
which is loaded in the efi_arch_cfg_file_late() stage of the boot process.

On ARM systems the Device Tree can be included in a section named
`.dtb`, which is loaded during the efi_arch_cfg_file_early() stage of
the boot process.

Note that the system will fall back to loading files from disk if
the named sections do not exist. This allows distributions to continue
with the status quo if they want a signed kernel + config, while still
allowing a user provided initrd (which is how the shim protocol currently
works as well).

This patch also adds constness to the section parameter of
efi_arch_cfg_file_early() and efi_arch_cfg_file_late(),
changes pe_find_section() to use a const CHAR16 section name,
and adds pe_name_compare() to match section names.

Signed-off-by: Trammell Hudson <hudson@trmm.net>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
[Fix ARM build by including pe.init.o]
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
.gitignore diff | blob | history
docs/misc/efi.pandoc diff | blob | history
xen/arch/arm/efi/Makefile diff | blob | history
xen/arch/arm/efi/efi-boot.h diff | blob | history
xen/arch/x86/efi/Makefile diff | blob | history
xen/arch/x86/efi/efi-boot.h diff | blob | history
xen/common/efi/boot.c diff | blob | history
xen/common/efi/efi.h diff | blob | history
xen/common/efi/pe.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.