| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Nov 2013 20:15:28 +0100
From: Leif Lindholm <leif.lindholm@...aro.org>
To: The development of GNU GRUB <grub-devel@....org>
Cc: Daniel Kiper <daniel.kiper@...cle.com>, david.woodhouse@...el.com,
arvidjaar@...il.com, mchang@...e.com,
Jan Beulich <JBeulich@...e.com>, keir@....org,
shidokht.yadegari@...cle.com, seth.goldberg@...cle.com,
ross.philipson@...rix.com, grant.likely@...aro.org,
mchang.novell@...il.com, mjg59@...f.ucam.org,
andre.przywara@...xeda.com, Ian Campbell <ian.campbell@...rix.com>,
stefano.stabellini@...citrix.com,
Vladimir 'φ-coder/phcoder' Serbinenko
<phcoder@...il.com>, boris.ostrovsky@...cle.com,
richard.l.maliszewski@...el.com, linux-kernel@...r.kernel.org,
xen-devel@...ts.xen.org, neal.pollack@...cle.com
Subject: Re: Is: Wrap-up Was: Re: EFI and multiboot2 devlopment work for Xen
On Mon, Nov 04, 2013 at 08:41:11PM +0000, Stefano Stabellini wrote:
> >
> > multiboot2 protocol requires some more changes. However, about 80% of code
> > is ready. In this case Xen and modules are loaded by GRUB2 itself. It means
> > that all images could be placed on any filesystem recognized by GRUB2. Options
> > for Xen and modules are passed separately which simplifies command line editing
> > in boot loader and parsing. multiboot2 protocol is very flexible and could be
> > easily extended in the future if a need arises. Support for secure boot and
> > shim loader could be added. However, it was not implemented yet. Probably
> > linuxefi module could be used as a reference or even as a base for development.
> > However, I do not know are there plans to support such solution by GRUB2
> > community. Currently, support for native PE images signatures and GPG signatures
> > is under development for GRUB2 upstream.
>
> FYI on ARM it is possible to load a kernel as PE but at the same time
> passing additional info as where the initrd or other additional binaries
> have been loaded or even command line arguments. These info are passed
> from the bootloader to the kernel via Device Tree. Grant (CC'ed) might
> be able to add additional details on where the code actually lives.
The code currently lives in unclean form in my development tree on
git.linaro.org. We had a few items on the kernel boot protocol to sort
out at last week's Linaro Connect, and if I hadn't been struck down
with conference flu, I would probably have sent out the basic arm64
support by now.
The method used (for the curious) is to simply register an FDT as a
configuration table, and then look for that in the stub.
That code should be trivially portable to 32-bit ARM.
I did start out from the linuxefi code, but that was quite x86 specific,
and was also dependent on the shim, so I ended up changing most of it
(for now). I would still like to see a unified (upstream) linuxefi
module for loading the kernel as the UEFI stub
(with architecture-specific bits extracted out under loader/<arch>).
The UEFI stub loader will then call ExitBootServices(), not GRUB.
/
Leif
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists