Merged
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
miczyg1
requested changes
Jan 2, 2025
f25f75b to aa2fcc5
krystian-hebel
requested changes
Jan 7, 2025
aa2fcc5 to f484787
4fcdf5b to 274d462
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
…PMR_SIZE Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This is to allow reusing the same code from a different place. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Add boot_params_base field. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Add PSP version and update types for consistency. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
To prevent measurements from changing when the only thing that has changed is some address. Addresses can vary due to the bootloader, firmware or user doing something differently, or just if GRUB gets bigger in size due to inclusion of more modules and ends up offsetting newly allocated memory. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
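An added illustration of the commit message above about keeping addresses out of measurements (not code from this PR, Xen or GRUB). The record layout, field names and sample values are constructed, and zeroing the address field before hashing is an assumed approach, shown here with a TPM-style extend:

```python
import hashlib
import struct

# Hypothetical boot record: (module load address, module size, command line).
# The layout is constructed for this example, not taken from Xen or GRUB.
def pack_record(mod_addr: int, mod_size: int, cmdline: bytes) -> bytes:
    return struct.pack("<QI", mod_addr, mod_size) + cmdline + b"\0"

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def measure_raw(pcr, mod_addr, module, cmdline):
    """Address-sensitive: hashes the record exactly as it sits in memory."""
    pcr = extend(pcr, pack_record(mod_addr, len(module), cmdline))
    return extend(pcr, module)

def measure_normalized(pcr, mod_addr, module, cmdline):
    """Address-independent: the address field is zeroed before hashing.
    Size, command line and module contents are still covered."""
    pcr = extend(pcr, pack_record(0, len(module), cmdline))
    return extend(pcr, module)

PCR0 = bytes(32)                              # PCR reset value
MODULE = b"\x7fELF constructed module bytes"  # constructed sample
CMDLINE = b"console=com1 dom0_mem=4G"         # constructed sample

def compare(measure):
    """Return PCR values for (baseline, relocated module, changed cmdline)."""
    base = measure(PCR0, 0x0100_0000, MODULE, CMDLINE)
    moved = measure(PCR0, 0x0140_0000, MODULE, CMDLINE)
    edited = measure(PCR0, 0x0100_0000, MODULE, CMDLINE + b" debug")
    return base, moved, edited

if __name__ == "__main__":
    for fn in (measure_raw, measure_normalized):
        base, moved, edited = compare(fn)
        print(fn.__name__, "| relocation changes PCR:", base != moved,
              "| cmdline change detected:", base != edited)
```

With the raw record, a module that merely lands at a different address produces a different PCR value; with the normalized record the value is stable across relocation while a command-line change is still detected.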
274d462 to c1ba559
Member
Author
In addition to force-pushing changes (some of them are new for this PR), I changed the target branch to deal with 4.17.4 (which builder calls 4.17.5 for some reason) instead of staging. This is because Xen staging has a different ABI which can't be used on Qubes OS 4.2.
3588c76 to 9eec232
faa5bdb to 9c6c3cb
Member
@miczyg1 all your threads are resolved here, can you please approve if you have no more comments?
9c6c3cb to f3db106
I can but there are also @krystian-hebel threads unresolved.
Member
I am aware, @krystian-hebel will do his part as well.
Also, I only tested the legacy boot path of this code and it didn't work, so I am not convinced to give approval yet.
When running on an EFI-enabled system, Xen needs to have access to Boot Services in order to initialize itself properly and reach a state in which a Dom0 kernel can operate without issues. This means that DRTM must be started in the middle of Xen's initialization process. This effect is achieved via a callback into the bootloader (GRUB) which is responsible for initiating DRTM and continuing Xen's initialization process. The latter is achieved by branching in the Slaunch entry point on a flag to switch back into long mode and calling the same function which Xen would execute as the next step without DRTM. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
f3db106 to 1278ae8
krystian-hebel
approved these changes
Feb 19, 2025
An upstream fix will be gone on a future rebase. Code improvements and measurement corrections follow. The actual support is added in the penultimate commit, see its commit message for some details. CI has some issues with the latest qubes-builderv2 (`sudo` isn't passwordless in a container which the builder creates), I just pinned its version to an older commit which works.