[PATCH 0/4] Allows Secure Boot for Kexec

Frediano Ziglio posted 4 patches 5 months, 3 weeks ago
Only 2 patches received!
There is a newer version of this series
[PATCH 0/4] Allows Secure Boot for Kexec
Posted by Frediano Ziglio 5 months, 3 weeks ago
Using EFI Secure Boot, all kernel-level code should be signed and
there should be no way to run unchecked code.
For this reason the Kexec interface needs to be changed in order
to allow signature checking.

The purgatory code is included in Xen itself, as passing this code
from userspace is not secure (see patches 2/4 and 3/4).

Ross Lagerwall (4):
  xen/lib: Export additional sha256 functions
  kexec: Include purgatory in Xen
  kexec: Implement new EFI load types
  kexec: Support non-page-aligned kexec segments

 xen/arch/arm/Makefile                 |   1 +
 xen/arch/arm/kexec.c                  |  27 +
 xen/arch/x86/Makefile                 |   2 +
 xen/arch/x86/bzimage.c                |  40 +-
 xen/arch/x86/kexec.c                  | 125 +++++
 xen/arch/x86/purgatory/.gitignore     |   3 +
 xen/arch/x86/purgatory/Makefile       |  64 +++
 xen/arch/x86/purgatory/config.h       |  37 ++
 xen/arch/x86/purgatory/entry64.S      | 108 ++++
 xen/arch/x86/purgatory/purgatory.c    |  59 +++
 xen/arch/x86/purgatory/setup-x86_64.S |  63 +++
 xen/arch/x86/purgatory/stack.S        |  21 +
 xen/common/Kconfig                    |   1 +
 xen/common/kexec.c                    |  33 +-
 xen/common/kimage.c                   | 703 ++++++++++++++++++++++++--
 xen/include/public/kexec.h            |  23 +-
 xen/include/xen/kimage.h              |  57 ++-
 xen/include/xen/sha2.h                |  10 +
 xen/include/xen/x86-linux.h           |  62 +++
 xen/lib/sha2-256.c                    |  16 +-
 20 files changed, 1344 insertions(+), 111 deletions(-)
 create mode 100644 xen/arch/arm/kexec.c
 create mode 100644 xen/arch/x86/kexec.c
 create mode 100644 xen/arch/x86/purgatory/.gitignore
 create mode 100644 xen/arch/x86/purgatory/Makefile
 create mode 100644 xen/arch/x86/purgatory/config.h
 create mode 100644 xen/arch/x86/purgatory/entry64.S
 create mode 100644 xen/arch/x86/purgatory/purgatory.c
 create mode 100644 xen/arch/x86/purgatory/setup-x86_64.S
 create mode 100644 xen/arch/x86/purgatory/stack.S
 create mode 100644 xen/include/xen/x86-linux.h

-- 
2.43.0
Re: [PATCH 0/4] Allows Secure Boot for Kexec
Posted by Andrii Sultanov 5 months, 3 weeks ago
The 2nd and 3rd patches got lost somewhere and do not seem to be shown on lore,
at the very least.