From patchwork Tue Oct 24 19:40:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Douglas Goldstein X-Patchwork-Id: 10025413 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2F39A601E8 for ; Tue, 24 Oct 2017 19:43:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2755A28A10 for ; Tue, 24 Oct 2017 19:43:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1BE5128A31; Tue, 24 Oct 2017 19:43:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.6 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,RCVD_IN_SORBS_SPAM,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 89AA928A10 for ; Tue, 24 Oct 2017 19:43:30 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e754W-00074u-OS; Tue, 24 Oct 2017 19:41:08 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e754V-00074o-AH for xen-devel@lists.xenproject.org; Tue, 24 Oct 2017 19:41:07 +0000 Received: from [193.109.254.147] by server-1.bemta-6.messagelabs.com id CC/5C-31121-2579FE95; Tue, 24 Oct 2017 19:41:06 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrKIsWRWlGSWpSXmKPExsVyMfTGEd3A6e8 jDXrfqVt83zKZyYHR4/CHKywBjFGsmXlJ+RUJrBlP39xhLZgiVPH5WwdzA+NZvi5GLg4hgZmM Esc2HmUFcVgE2pklut4sZwZxJATesUjsXb8GyOEEcvIkDi/7CWWnSbQvu8TUxcgBZFdJXPzkB RIWElCQ+D3hEBPE1GVMEvfub2YBSbAJaEg8+TWDDcQWEVCSuLdqMhOIzSwwl1Hi5y8XEFtYwF riyJXPYHEWAVWJo/d+g9m8AmYSZ/dMZ4HYJS+xY7PgBEb+BYwMqxg1ilOLylKLdA0N9ZKKMtM zSnITM3N0DQ3M9HJTi4sT01NzEpOK9ZLzczcxAgOIAQh2MH5aFnCIUZKDSUmUNyD9faQQX1J+ SmVGYnFGfFFpTmrxIUYZDg4lCd6IaUA5waLU9NSKtMwcYCjDpCU4eJREeJVA0rzFBYm5xZnpE KlTjPYcF+5c+sPEcWDPLSDZcfMukHw283UDsxBLXn5eqpQ4rydImwBIW0ZpHtxQWOxdYpSVEu ZlBDpTiKcgtSg3swRV/hWjOAejkjBvJsgUnsy8Erjdr4DOYgI6S9b+DchZJYkIKakGxkjeeOb kXed6/+lUJs+yUpJc52aftVAj5eThUw/zbK59jj8kUH905+yJHAJvbmUtra+SSPjPbBZ7w1zQ W/engPKLnxOlpF72r3greW3/T12eUE5XznCRf5H3E39pft7+s/2twzsNe9GCTdcf2DGGRbRn3 ZjyYk/XXV09vWNrWjq3PubWWp/ooMRSnJFoqMVcVJwIAPIzBVu4AgAA X-Env-Sender: cardoe@cardoe.com X-Msg-Ref: server-9.tower-27.messagelabs.com!1508874065!113330734!1 X-Originating-IP: [209.85.216.196] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 48607 invoked from network); 24 Oct 2017 19:41:05 -0000 Received: from mail-qt0-f196.google.com (HELO mail-qt0-f196.google.com) (209.85.216.196) by server-9.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 24 Oct 2017 19:41:05 -0000 Received: by mail-qt0-f196.google.com with SMTP id j58so31991731qtj.0 for ; Tue, 24 Oct 2017 12:41:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cardoe.com; s=google; h=from:to:cc:subject:date:message-id; bh=7XZEhZ5nowRzAJMtISgxs82b7YereBW8qMHuvgCH5xA=; b=BK8EmZvBTBtyFub2l1qyg8qG+IRU/Ad29QahGMHdi52SvjGZbF13r9yFXIzbycxykI 2KEZNkZsNVkFLiLGnBGeQmSBd00hiqDH4ecTql47qCODhSQg4s41Z3rP6y6B4Rsik9c1 fmc4utCfwCQA2hBYlRReaqZWoK6c5uUz6PblE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=7XZEhZ5nowRzAJMtISgxs82b7YereBW8qMHuvgCH5xA=; b=UUFNU5+OquAcMBK/LeCTTr1Xkqhn93gBIJtHpwGqDnBMpINoC8QLtE7tSxw7l7tnAs YVhhqKnrkRk4MNVTOLQqVHAWJiCo6GXxd+N59koJDZuGYTiIC0X0Xc8TIinOK6ZTO7va XQ0tqH4gMrngOBF/DeM0fqLKoJRrXQ5bx2HFjeicJAg0XVXlNy808VlHGAM9JF87fDHZ QkTz2NQIl3MQCnkfCY412tKb5D3q4UYHKHfkFG4gYgE+7CxPxpG95kgV2hL1iEh30NEk gDd0te92n7gQDS/dRyBkojotd3CI8q7ZbHD4KN3gdQ2EHTHV5wkwnEaiGmRHw5sn2BUR gHAw== X-Gm-Message-State: AMCzsaVCoxI9WDIYuu8ATlV0XnlO473g5Sh+aqlyA52U6pc56KcxLhRh Gs0RqrrIgombdzKe3DMUR1wmidxoj70= X-Google-Smtp-Source: ABhQp+QmpXCjiZfD9opPZny4G+PSNVLN6Ki3V8kZAjBMoPlDDD0BPgWYVpUwwQd2gldbIn+vOxVGfw== X-Received: by 10.237.34.213 with SMTP id q21mr26584782qtc.65.1508874064140; Tue, 24 Oct 2017 12:41:04 -0700 (PDT) Received: from swanson.localdomain (104-179-196-18.lightspeed.brhmal.sbcglobal.net. [104.179.196.18]) by smtp.gmail.com with ESMTPSA id z13sm729128qtb.97.2017.10.24.12.41.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 24 Oct 2017 12:41:03 -0700 (PDT) From: Doug Goldstein To: xen-devel@lists.xenproject.org Date: Tue, 24 Oct 2017 14:40:41 -0500 Message-Id: <20171024194041.28188-1-cardoe@cardoe.com> X-Mailer: git-send-email 2.13.5 Cc: Andrew Cooper , Daniel Kiper , Doug Goldstein , Jan Beulich Subject: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP The EFI multiboot2 entry point currently requires EFI BootServices to not have been exited however the header currently tells the boot loader that Xen optionally supports EFI BootServices having been exited. With this change Xen properly advertises that EFI must not be exited allowing the boot loader to report an error that it cannot boot Xen if it is unable to meet its needs. Signed-off-by: Doug Goldstein --- This should likely be applied against Xen 4.9 and Xen 4.10 as well as staging. I am trying to get multiboot2 support for iPXE and upstream is concerned that leaving EFI BootServices enabled will not be compatible with their aims to support Secure Boot. So when I build my iPXE without support for passing on Boot Services, Xen will be loaded by iPXE but then it will fall down with "ERR: Bootloader shutdown EFI x64 boot services!" implying that this is required. By having Xen expose in its header that its required it allows me to handle the situation gracefully in iPXE. To quote the multiboot2 spec exact: "This tag indicates that payload supports starting without terminating boot services." Unfortunately the spec is a bit vague and how I am reading it is: - no tag = exit boot services in the boot loader - tag present marked optional = boot loader can or cannot exit boot services - tag present marked required = boot loader cannot exit boot services In the future I would like to add support to Xen to allow it to run without boot services but presently that support isn't there. --- xen/arch/x86/boot/head.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 9cc35da558..f76c2c0664 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -98,8 +98,8 @@ multiboot2_header_start: 0, /* Number of the lines - no preference. */ \ 0 /* Number of bits per pixel - no preference. */ - /* Request that ExitBootServices() not be called. */ - mb2ht_init MB2_HT(EFI_BS), MB2_HT(OPTIONAL) + /* Require that ExitBootServices() not be called. */ + mb2ht_init MB2_HT(EFI_BS), MB2_HT(REQUIRED) /* EFI64 Multiboot2 entry point. */ mb2ht_init MB2_HT(ENTRY_ADDRESS_EFI64), MB2_HT(OPTIONAL), \