From: Ross Lagerwall
To: grub-devel@gnu.org
Cc: xen-devel@lists.xenproject.org, Ross Lagerwall, Daniel Kiper, Daniel Kiper, Andrew Cooper, Roger Pau Monné, Jan Beulich
Subject: [PATCH v2 0/3] GRUB: Supporting Secure Boot of xen
Date: Thu, 28 Mar 2024 15:12:59 +0000
Message-ID: <20240328151302.1451158-1-ross.lagerwall@citrix.com>

This patch series implements support for loading and verifying a signed
xen binary. This would allow the same xen binary to be used for BIOS
boot, UEFI boot, and UEFI boot with Secure Boot verification.
There is an accompanying Xen patch series.

The first patch updates the multiboot2 specification to allow PE
binaries. Patch 2 implements the spec change. Patch 3 allows loading
multiboot modules without verification since the multiboot kernel is
expected to verify them if needed.

Ross

Changed in v2:

* Use magic numbers to determine whether to load as ELF or PE rather
  than introducing a load type tag.
* Drop the 64 bit entry address extensions to the protocol - this is no
  longer necessary after some Xen build changes.
* Dropped the patch to allow verification after compression since it is
  not critical to make this work.

Diff stat for patch 1 (to be applied to the "multiboot2" branch):

Ross Lagerwall (1):
  multiboot2: Add support for the PE binary type

 doc/multiboot.texi | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

Diff stat for patch 2 and 3 (to be applied to the "master" branch):

Ross Lagerwall (2):
  multiboot2: Add PE load support
  efi: Allow loading multiboot modules without verification

 grub-core/Makefile.core.def       |   1 +
 grub-core/kern/efi/sb.c           |   1 +
 grub-core/loader/multiboot.c      |   7 +
 grub-core/loader/multiboot_mbi2.c |  11 +-
 grub-core/loader/multiboot_pe.c   | 702 ++++++++++++++++++++++++++++++
 include/grub/efi/pe32.h           |  64 +++
 include/grub/multiboot.h          |   3 +
 include/grub/multiboot2.h         |   9 +
 8 files changed, 797 insertions(+), 1 deletion(-)
 create mode 100644 grub-core/loader/multiboot_pe.c
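
The v2 changelog above says the loader chooses between ELF and PE by magic number. As an added illustration (not code from this patch series or from GRUB; `classify_image` and `make_pe_stub` are hypothetical names, and the sample buffers are constructed), a bounds-checked test of the standard ELF and PE/COFF signatures on an untrusted image could look like this:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum image_kind { IMAGE_UNKNOWN, IMAGE_ELF, IMAGE_PE };

/* Hypothetical helper: classify an untrusted boot image by its magic. */
enum image_kind classify_image(const uint8_t *buf, size_t len)
{
    static const uint8_t elf_magic[4] = { 0x7f, 'E', 'L', 'F' };
    static const uint8_t pe_sig[4] = { 'P', 'E', 0, 0 };
    uint32_t lfanew;

    if (buf == NULL)
        return IMAGE_UNKNOWN;
    if (len >= 4 && memcmp(buf, elf_magic, 4) == 0)
        return IMAGE_ELF;
    /* PE: 64-byte DOS header, "MZ" at 0, little-endian e_lfanew at 0x3c. */
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z')
        return IMAGE_UNKNOWN;
    lfanew = (uint32_t)buf[0x3c] | ((uint32_t)buf[0x3d] << 8) |
             ((uint32_t)buf[0x3e] << 16) | ((uint32_t)buf[0x3f] << 24);
    /* e_lfanew is attacker-controlled: compare without adding to it,
     * so a huge offset cannot wrap past the end of the buffer. */
    if (lfanew > len - 4)
        return IMAGE_UNKNOWN;
    return memcmp(buf + lfanew, pe_sig, 4) == 0 ? IMAGE_PE : IMAGE_UNKNOWN;
}

/* Constructed sample: DOS stub whose e_lfanew is off (len must be >= 0x40). */
static void make_pe_stub(uint8_t *b, size_t len, uint32_t off)
{
    memset(b, 0, len);
    b[0] = 'M';
    b[1] = 'Z';
    b[0x3c] = off & 0xff;
    b[0x3d] = (off >> 8) & 0xff;
    b[0x3e] = (off >> 16) & 0xff;
    b[0x3f] = (off >> 24) & 0xff;
    if (off <= len - 4)
        memcpy(b + off, "PE\0\0", 4);
}

int main(void)
{
    uint8_t img[128];

    make_pe_stub(img, sizeof(img), 0x40);
    return classify_image(img, sizeof(img)) == IMAGE_PE ? 0 : 1;
}
```

The magic only selects a parser; it says nothing about whether the image is trusted, which is what signature verification is for.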