docs/misc/efi.pandoc | 8 +------- xen/Kconfig.debug | 9 ++------- xen/Makefile | 19 ------------------- xen/arch/x86/Makefile | 8 +++++--- 4 files changed, 8 insertions(+), 36 deletions(-)
For xen.gz file we strip all symbols and have an additional
xen-syms file version with all symbols.
Make xen.efi more coherent stripping all symbols too.
xen.efi.elf can be used for debugging.
Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
---
Changes since v1:
- avoid leaving target if some command fails
---
docs/misc/efi.pandoc | 8 +-------
xen/Kconfig.debug | 9 ++-------
xen/Makefile | 19 -------------------
xen/arch/x86/Makefile | 8 +++++---
4 files changed, 8 insertions(+), 36 deletions(-)
diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc
index 11c1ac3346..c66b18a66b 100644
--- a/docs/misc/efi.pandoc
+++ b/docs/misc/efi.pandoc
@@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found.
Once built, `make install-xen` will place the resulting binary directly into
the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and
`EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not
-match your system). When built with debug info, the binary can be quite large.
-Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped
-of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set
-to any combination of options suitable to pass to `strip`, in case the default
-ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`,
-unless `EFI_DIR` is set in the environment to override this default. This
-binary will not be stripped in the process.
+match your system).
The binary itself will require a configuration file (names with the `.efi`
extension of the binary's name replaced by `.cfg`, and - until an existing
diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
index d14093017e..cafbb1236c 100644
--- a/xen/Kconfig.debug
+++ b/xen/Kconfig.debug
@@ -147,12 +147,7 @@ config DEBUG_INFO
Say Y here if you want to build Xen with debug information. This
information is needed e.g. for doing crash dump analysis of the
hypervisor via the "crash" tool.
- Saying Y will increase the size of the xen-syms and xen.efi
- binaries. In case the space on the EFI boot partition is rather
- limited, you may want to install a stripped variant of xen.efi in
- the EFI boot partition (look for "INSTALL_EFI_STRIP" in
- docs/misc/efi.pandoc for more information - when not using
- "make install-xen" for installing xen.efi, stripping needs to be
- done outside the Xen build environment).
+ Saying Y will increase the size of the xen-syms and xen.efi.elf
+ binaries.
endmenu
diff --git a/xen/Makefile b/xen/Makefile
index 8fc4e042ff..664c4ea7b8 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -488,22 +488,6 @@ endif
.PHONY: _build
_build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
-# Strip
-#
-# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it
-# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below
-# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the
-# option(s) to the strip command.
-ifdef INSTALL_EFI_STRIP
-
-ifeq ($(INSTALL_EFI_STRIP),1)
-efi-strip-opt := --strip-debug --keep-file-symbols
-else
-efi-strip-opt := $(INSTALL_EFI_STRIP)
-endif
-
-endif
-
.PHONY: _install
_install: D=$(DESTDIR)
_install: T=$(notdir $(TARGET))
@@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX)
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \
ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \
if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
- $(if $(efi-strip-opt), \
- $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \
- $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \
$(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \
echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index ce724a9daa..e0ebc8c73e 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -232,14 +232,16 @@ endif
$(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o
$(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \
$(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \
- $(note_file_option) -o $@
- $(NM) -pa --format=sysv $@ \
+ $(note_file_option) -o $@.tmp
+ $(NM) -pa --format=sysv $@.tmp \
| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \
> $@.map
ifeq ($(CONFIG_DEBUG_INFO),y)
- $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf
+ $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf
+ $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp
endif
rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]*
+ mv -f $@.tmp $@
ifeq ($(CONFIG_XEN_IBT),y)
$(SHELL) $(srctree)/tools/check-endbr.sh $@
endif
--
2.43.0On 12/06/2025 11:07 am, Frediano Ziglio wrote: > For xen.gz file we strip all symbols and have an additional > xen-syms file version with all symbols. > Make xen.efi more coherent stripping all symbols too. > xen.efi.elf can be used for debugging. > > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > --- > Changes since v1: > - avoid leaving target if some command fails CC-ing the EFI maintainers, as this is an EFI change. At the recent QubesOS hackathon, Michał Żygowski (3mdeb) found that stripping Xen was the difference between the system booting and not. With debugging symbols, xen.efi was ~32M and is placed above the 4G boundary by the EFI loader, hitting Xen's sanity check that it's below 4G. Xen does still have a requirement to live below the 4G boundary. At a minimum, idle_pg_table needs to be addressable with a 32bit %cr3, but I bet that isn't the only restriction we have. So, either we find a way of telling the EFI loader (using PE+ headers only) that we require to be below 4G (I have no idea if this is possible), or we strip xen.efi by default. I don't think making Xen.efi safe to operate above the 4G boundary is a viable option at this point. As Xen's defaults are broken on modern systems, this is also a bugfix candidate for 4.21, so CC Oleksii. ~Andrew (Retaining full patch for those CC'd into the thread) > --- > docs/misc/efi.pandoc | 8 +------- > xen/Kconfig.debug | 9 ++------- > xen/Makefile | 19 ------------------- > xen/arch/x86/Makefile | 8 +++++--- > 4 files changed, 8 insertions(+), 36 deletions(-) > > diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc > index 11c1ac3346..c66b18a66b 100644 > --- a/docs/misc/efi.pandoc > +++ b/docs/misc/efi.pandoc > @@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found. > Once built, `make install-xen` will place the resulting binary directly into > the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and > `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not > -match your system). When built with debug info, the binary can be quite large. > -Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped > -of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set > -to any combination of options suitable to pass to `strip`, in case the default > -ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, > -unless `EFI_DIR` is set in the environment to override this default. This > -binary will not be stripped in the process. > +match your system). > > The binary itself will require a configuration file (names with the `.efi` > extension of the binary's name replaced by `.cfg`, and - until an existing > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug > index d14093017e..cafbb1236c 100644 > --- a/xen/Kconfig.debug > +++ b/xen/Kconfig.debug > @@ -147,12 +147,7 @@ config DEBUG_INFO > Say Y here if you want to build Xen with debug information. This > information is needed e.g. for doing crash dump analysis of the > hypervisor via the "crash" tool. > - Saying Y will increase the size of the xen-syms and xen.efi > - binaries. In case the space on the EFI boot partition is rather > - limited, you may want to install a stripped variant of xen.efi in > - the EFI boot partition (look for "INSTALL_EFI_STRIP" in > - docs/misc/efi.pandoc for more information - when not using > - "make install-xen" for installing xen.efi, stripping needs to be > - done outside the Xen build environment). > + Saying Y will increase the size of the xen-syms and xen.efi.elf > + binaries. > > endmenu > diff --git a/xen/Makefile b/xen/Makefile > index 8fc4e042ff..664c4ea7b8 100644 > --- a/xen/Makefile > +++ b/xen/Makefile > @@ -488,22 +488,6 @@ endif > .PHONY: _build > _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > -# Strip > -# > -# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it > -# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below > -# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the > -# option(s) to the strip command. > -ifdef INSTALL_EFI_STRIP > - > -ifeq ($(INSTALL_EFI_STRIP),1) > -efi-strip-opt := --strip-debug --keep-file-symbols > -else > -efi-strip-opt := $(INSTALL_EFI_STRIP) > -endif > - > -endif > - > .PHONY: _install > _install: D=$(DESTDIR) > _install: T=$(notdir $(TARGET)) > @@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ > if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ > - $(if $(efi-strip-opt), \ > - $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ > - $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ > $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ > elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ > echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ > diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile > index ce724a9daa..e0ebc8c73e 100644 > --- a/xen/arch/x86/Makefile > +++ b/xen/arch/x86/Makefile > @@ -232,14 +232,16 @@ endif > $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o > $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \ > $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \ > - $(note_file_option) -o $@ > - $(NM) -pa --format=sysv $@ \ > + $(note_file_option) -o $@.tmp > + $(NM) -pa --format=sysv $@.tmp \ > | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ > > $@.map > ifeq ($(CONFIG_DEBUG_INFO),y) > - $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp > endif > rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]* > + mv -f $@.tmp $@ > ifeq ($(CONFIG_XEN_IBT),y) > $(SHELL) $(srctree)/tools/check-endbr.sh $@ > endif
On 02.10.2025 15:05, Andrew Cooper wrote: > On 12/06/2025 11:07 am, Frediano Ziglio wrote: >> For xen.gz file we strip all symbols and have an additional >> xen-syms file version with all symbols. >> Make xen.efi more coherent stripping all symbols too. >> xen.efi.elf can be used for debugging. >> >> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> >> --- >> Changes since v1: >> - avoid leaving target if some command fails > > CC-ing the EFI maintainers, as this is an EFI change. > > At the recent QubesOS hackathon, Michał Żygowski (3mdeb) found that > stripping Xen was the difference between the system booting and not. > > With debugging symbols, xen.efi was ~32M and is placed above the 4G > boundary by the EFI loader, hitting Xen's sanity check that it's below 4G. > > Xen does still have a requirement to live below the 4G boundary. At a > minimum, idle_pg_table needs to be addressable with a 32bit %cr3, but I > bet that isn't the only restriction we have. > > So, either we find a way of telling the EFI loader (using PE+ headers > only) that we require to be below 4G (I have no idea if this is > possible), or we strip xen.efi by default. In principle not setting the large-address-aware flag ought to have such an effect, except that (a) I'm in doubt as to EFI loaders actually looking at the flag and (b) having this flag clear in an image with an image base address far beyond the 4Gb boundary is likely at least contradictory. Jan
On Thu, Oct 02, 2025 at 02:05:56PM +0100, Andrew Cooper wrote: > On 12/06/2025 11:07 am, Frediano Ziglio wrote: > > For xen.gz file we strip all symbols and have an additional > > xen-syms file version with all symbols. > > Make xen.efi more coherent stripping all symbols too. > > xen.efi.elf can be used for debugging. > > > > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> Generally, Reviewed-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> But this may want a line in CHANGELOG.md, just for a little more visibility for people packaging Xen, as it may affect what should be included in debuginfo sub-package. > > --- > > Changes since v1: > > - avoid leaving target if some command fails > > CC-ing the EFI maintainers, as this is an EFI change. Thanks. I did noticed the patch independently, but only a few minutes earlier due to missing CC... > At the recent QubesOS hackathon, Michał Żygowski (3mdeb) found that > stripping Xen was the difference between the system booting and not. > > With debugging symbols, xen.efi was ~32M and is placed above the 4G > boundary by the EFI loader, hitting Xen's sanity check that it's below 4G. > > Xen does still have a requirement to live below the 4G boundary. At a > minimum, idle_pg_table needs to be addressable with a 32bit %cr3, but I > bet that isn't the only restriction we have. > > So, either we find a way of telling the EFI loader (using PE+ headers > only) that we require to be below 4G (I have no idea if this is > possible), or we strip xen.efi by default. > > I don't think making Xen.efi safe to operate above the 4G boundary is a > viable option at this point. > > As Xen's defaults are broken on modern systems, this is also a bugfix > candidate for 4.21, so CC Oleksii. I agree with this wanting to be considered for 4.21. > ~Andrew > > (Retaining full patch for those CC'd into the thread) > > > --- > > docs/misc/efi.pandoc | 8 +------- > > xen/Kconfig.debug | 9 ++------- > > xen/Makefile | 19 ------------------- > > xen/arch/x86/Makefile | 8 +++++--- > > 4 files changed, 8 insertions(+), 36 deletions(-) > > > > diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc > > index 11c1ac3346..c66b18a66b 100644 > > --- a/docs/misc/efi.pandoc > > +++ b/docs/misc/efi.pandoc > > @@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found. > > Once built, `make install-xen` will place the resulting binary directly into > > the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and > > `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not > > -match your system). When built with debug info, the binary can be quite large. > > -Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped > > -of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set > > -to any combination of options suitable to pass to `strip`, in case the default > > -ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, > > -unless `EFI_DIR` is set in the environment to override this default. This > > -binary will not be stripped in the process. > > +match your system). > > > > The binary itself will require a configuration file (names with the `.efi` > > extension of the binary's name replaced by `.cfg`, and - until an existing > > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug > > index d14093017e..cafbb1236c 100644 > > --- a/xen/Kconfig.debug > > +++ b/xen/Kconfig.debug > > @@ -147,12 +147,7 @@ config DEBUG_INFO > > Say Y here if you want to build Xen with debug information. This > > information is needed e.g. for doing crash dump analysis of the > > hypervisor via the "crash" tool. > > - Saying Y will increase the size of the xen-syms and xen.efi > > - binaries. In case the space on the EFI boot partition is rather > > - limited, you may want to install a stripped variant of xen.efi in > > - the EFI boot partition (look for "INSTALL_EFI_STRIP" in > > - docs/misc/efi.pandoc for more information - when not using > > - "make install-xen" for installing xen.efi, stripping needs to be > > - done outside the Xen build environment). > > + Saying Y will increase the size of the xen-syms and xen.efi.elf > > + binaries. > > > > endmenu > > diff --git a/xen/Makefile b/xen/Makefile > > index 8fc4e042ff..664c4ea7b8 100644 > > --- a/xen/Makefile > > +++ b/xen/Makefile > > @@ -488,22 +488,6 @@ endif > > .PHONY: _build > > _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > > > -# Strip > > -# > > -# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it > > -# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below > > -# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the > > -# option(s) to the strip command. > > -ifdef INSTALL_EFI_STRIP > > - > > -ifeq ($(INSTALL_EFI_STRIP),1) > > -efi-strip-opt := --strip-debug --keep-file-symbols > > -else > > -efi-strip-opt := $(INSTALL_EFI_STRIP) > > -endif > > - > > -endif > > - > > .PHONY: _install > > _install: D=$(DESTDIR) > > _install: T=$(notdir $(TARGET)) > > @@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ > > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ > > if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ > > - $(if $(efi-strip-opt), \ > > - $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ > > - $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ > > $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ > > elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ > > echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ > > diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile > > index ce724a9daa..e0ebc8c73e 100644 > > --- a/xen/arch/x86/Makefile > > +++ b/xen/arch/x86/Makefile > > @@ -232,14 +232,16 @@ endif > > $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o > > $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \ > > $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \ > > - $(note_file_option) -o $@ > > - $(NM) -pa --format=sysv $@ \ > > + $(note_file_option) -o $@.tmp > > + $(NM) -pa --format=sysv $@.tmp \ > > | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ > > > $@.map > > ifeq ($(CONFIG_DEBUG_INFO),y) > > - $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf > > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf > > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp > > endif > > rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]* > > + mv -f $@.tmp $@ > > ifeq ($(CONFIG_XEN_IBT),y) > > $(SHELL) $(srctree)/tools/check-endbr.sh $@ > > endif > -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab
On 02.10.2025 16:10, Marek Marczykowski-Górecki wrote: > On Thu, Oct 02, 2025 at 02:05:56PM +0100, Andrew Cooper wrote: >> On 12/06/2025 11:07 am, Frediano Ziglio wrote: >>> For xen.gz file we strip all symbols and have an additional >>> xen-syms file version with all symbols. >>> Make xen.efi more coherent stripping all symbols too. >>> xen.efi.elf can be used for debugging. >>> >>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > > Generally, > Reviewed-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Just to double check: You offer this after having read (and discarded) my comments on v1, which v2 left largely unaddressed? IOW I continue to consider this a wrong move, and Andrew's remark towards "bootable vs not bootable" isn't quite relevant, seeing that prior to this patch we already had a way to strip the binary put onto the EFI partition (i.e. the one to be used for actual booting). Jan
On Tue, Oct 07, 2025 at 04:12:13PM +0200, Jan Beulich wrote: > On 02.10.2025 16:10, Marek Marczykowski-Górecki wrote: > > On Thu, Oct 02, 2025 at 02:05:56PM +0100, Andrew Cooper wrote: > >> On 12/06/2025 11:07 am, Frediano Ziglio wrote: > >>> For xen.gz file we strip all symbols and have an additional > >>> xen-syms file version with all symbols. > >>> Make xen.efi more coherent stripping all symbols too. > >>> xen.efi.elf can be used for debugging. > >>> > >>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > > > > Generally, > > Reviewed-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> > > Just to double check: You offer this after having read (and discarded) my > comments on v1, which v2 left largely unaddressed? You mean the one about objcopy result used for debugging? I didn't see that before, since I wasn't in cc on v1... Anyway, are you aware of some specific objcopy issue. Or in other words: would xen.efi.elf _currently_ be broken (as in - unusable for debugging/disassembly)? If not, then I take that relevant part of your objection is mostly about inconsistent naming (xen.gz -> xen-syms, vs xen.efi -> xen.efi.elf). Would xen-syms.efi.elf be better? > IOW I continue to > consider this a wrong move, and Andrew's remark towards "bootable vs not > bootable" isn't quite relevant, seeing that prior to this patch we already > had a way to strip the binary put onto the EFI partition (i.e. the one to > be used for actual booting). -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab
On 07.10.2025 16:23, Marek Marczykowski-Górecki wrote: > On Tue, Oct 07, 2025 at 04:12:13PM +0200, Jan Beulich wrote: >> On 02.10.2025 16:10, Marek Marczykowski-Górecki wrote: >>> On Thu, Oct 02, 2025 at 02:05:56PM +0100, Andrew Cooper wrote: >>>> On 12/06/2025 11:07 am, Frediano Ziglio wrote: >>>>> For xen.gz file we strip all symbols and have an additional >>>>> xen-syms file version with all symbols. >>>>> Make xen.efi more coherent stripping all symbols too. >>>>> xen.efi.elf can be used for debugging. >>>>> >>>>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> >>> >>> Generally, >>> Reviewed-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> >> >> Just to double check: You offer this after having read (and discarded) my >> comments on v1, which v2 left largely unaddressed? > > You mean the one about objcopy result used for debugging? I didn't see > that before, since I wasn't in cc on v1... > > Anyway, are you aware of some specific objcopy issue. Or in other words: > would xen.efi.elf _currently_ be broken (as in - unusable for > debugging/disassembly)? I can't tell. I've seen fair parts of the code in the course of addressing various issues, and I would be very surprised if all of that was working correctly. > If not, then I take that relevant part of your > objection is mostly about inconsistent naming (xen.gz -> xen-syms, vs > xen.efi -> xen.efi.elf). Would xen-syms.efi.elf be better? Plus the one asking to strip only debug info, but not the symbol table. (And no, none of the suggested names look really nice to me.) Plus the one indicating that the change better wouldn't be made in the first place. As said, to deal with size issues we already have machinery in place. Not very nice machinery, but it's apparently functioning. For context, and to avoid the argument that GNU objcopy and strip are built from the same source file: The objcopy invocation here is to alter the format, whereas the strip invocation is merely to remove data without changing the format. The weakness in binutils, to a fair part due to a lack of routine testing, is with format conversions. (And yes, routine testing, as nice as it would be to have such, doesn't fit very well with how testing overall works, as commonly only the default format of a particular target would be tested.) Jan
On Tue, Oct 07, 2025 at 04:46:17PM +0200, Jan Beulich wrote: > On 07.10.2025 16:23, Marek Marczykowski-Górecki wrote: > > On Tue, Oct 07, 2025 at 04:12:13PM +0200, Jan Beulich wrote: > >> On 02.10.2025 16:10, Marek Marczykowski-Górecki wrote: > >>> On Thu, Oct 02, 2025 at 02:05:56PM +0100, Andrew Cooper wrote: > >>>> On 12/06/2025 11:07 am, Frediano Ziglio wrote: > >>>>> For xen.gz file we strip all symbols and have an additional > >>>>> xen-syms file version with all symbols. > >>>>> Make xen.efi more coherent stripping all symbols too. > >>>>> xen.efi.elf can be used for debugging. > >>>>> > >>>>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > >>> > >>> Generally, > >>> Reviewed-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> > >> > >> Just to double check: You offer this after having read (and discarded) my > >> comments on v1, which v2 left largely unaddressed? > > > > You mean the one about objcopy result used for debugging? I didn't see > > that before, since I wasn't in cc on v1... > > > > Anyway, are you aware of some specific objcopy issue. Or in other words: > > would xen.efi.elf _currently_ be broken (as in - unusable for > > debugging/disassembly)? > > I can't tell. I've seen fair parts of the code in the course of addressing > various issues, and I would be very surprised if all of that was working > correctly. > > > If not, then I take that relevant part of your > > objection is mostly about inconsistent naming (xen.gz -> xen-syms, vs > > xen.efi -> xen.efi.elf). Would xen-syms.efi.elf be better? > > Plus the one asking to strip only debug info, but not the symbol table. > (And no, none of the suggested names look really nice to me.) > > Plus the one indicating that the change better wouldn't be made in the > first place. As said, to deal with size issues we already have machinery > in place. Not very nice machinery, but it's apparently functioning. I'm of the opinion that defaults matter. Just having ability to build a binary that works on more systems is not sufficient, if you'd need to spend a day (or more...) on debugging obscure error message to figure out which hidden option to use to get there. And while one could argue that CONFIG_DEBUG=y builds are only for people familiar with details to deal with such issues, IMO just CONFIG_DEBUG_INFO=y shouldn't need arcane knowledge to get it working... And since that's a common option to enable in distribution packages, person hitting the issue might not even be the one doing the build (and thus controlling the build options). As for the details how to get there, I'm more flexible. Based on earlier comments, it seems that (not stripped) xen.efi isn't very useful for debugging directly, an ELF version of it is. So IMO it makes sense to have the debug binary already converted. But if you say you have use for xen.efi with all debug info too, I'm okay with keeping it too, maybe as xen-syms.efi. It's a bit of more space (to have both efi and elf version with debug info), but since it doesn't apply to the installed version, only the one kept in the build directory, not a big issue IMO. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab
On Thu, Oct 9, 2025 at 12:56 PM Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> wrote: > > On Tue, Oct 07, 2025 at 04:46:17PM +0200, Jan Beulich wrote: > > On 07.10.2025 16:23, Marek Marczykowski-Górecki wrote: > > > On Tue, Oct 07, 2025 at 04:12:13PM +0200, Jan Beulich wrote: > > >> On 02.10.2025 16:10, Marek Marczykowski-Górecki wrote: > > >>> On Thu, Oct 02, 2025 at 02:05:56PM +0100, Andrew Cooper wrote: > > >>>> On 12/06/2025 11:07 am, Frediano Ziglio wrote: > > >>>>> For xen.gz file we strip all symbols and have an additional > > >>>>> xen-syms file version with all symbols. > > >>>>> Make xen.efi more coherent stripping all symbols too. > > >>>>> xen.efi.elf can be used for debugging. > > >>>>> > > >>>>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > > >>> > > >>> Generally, > > >>> Reviewed-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> > > >> > > >> Just to double check: You offer this after having read (and discarded) my > > >> comments on v1, which v2 left largely unaddressed? > > > > > > You mean the one about objcopy result used for debugging? I didn't see > > > that before, since I wasn't in cc on v1... > > > > > > Anyway, are you aware of some specific objcopy issue. Or in other words: > > > would xen.efi.elf _currently_ be broken (as in - unusable for > > > debugging/disassembly)? > > > > I can't tell. I've seen fair parts of the code in the course of addressing > > various issues, and I would be very surprised if all of that was working > > correctly. > > Yes, sorry about not replying to this part. At the time I was testing the various usages we do with that file before replying. Beside debugging we use it for automatic crash dump analysis and live patching. Unfortunately live patching was not working for reasons not bound to this change and it tooks a while to fix it. Once fixed live patching all our use cases of the ELF-translated file are working perfectly confirming that the file works correctly. > > > If not, then I take that relevant part of your > > > objection is mostly about inconsistent naming (xen.gz -> xen-syms, vs > > > xen.efi -> xen.efi.elf). Would xen-syms.efi.elf be better? > > > > Plus the one asking to strip only debug info, but not the symbol table. > > (And no, none of the suggested names look really nice to me.) > > > > Plus the one indicating that the change better wouldn't be made in the > > first place. As said, to deal with size issues we already have machinery > > in place. Not very nice machinery, but it's apparently functioning. > > I'm of the opinion that defaults matter. Just having ability to build a > binary that works on more systems is not sufficient, if you'd need to > spend a day (or more...) on debugging obscure error message to figure > out which hidden option to use to get there. And while one could argue > that CONFIG_DEBUG=y builds are only for people familiar with details to > deal with such issues, IMO just CONFIG_DEBUG_INFO=y shouldn't need > arcane knowledge to get it working... And since that's a common option > to enable in distribution packages, person hitting the issue might not > even be the one doing the build (and thus controlling the build > options). > > As for the details how to get there, I'm more flexible. Based on earlier > comments, it seems that (not stripped) xen.efi isn't very useful for > debugging directly, an ELF version of it is. So IMO it makes sense to > have the debug binary already converted. But if you say you have use for > xen.efi with all debug info too, I'm okay with keeping it too, maybe as > xen-syms.efi. It's a bit of more space (to have both efi and elf version > with debug info), but since it doesn't apply to the installed version, > only the one kept in the build directory, not a big issue IMO. > Frediano
On 09.10.2025 13:36, Marek Marczykowski-Górecki wrote: > On Tue, Oct 07, 2025 at 04:46:17PM +0200, Jan Beulich wrote: >> On 07.10.2025 16:23, Marek Marczykowski-Górecki wrote: >>> On Tue, Oct 07, 2025 at 04:12:13PM +0200, Jan Beulich wrote: >>>> On 02.10.2025 16:10, Marek Marczykowski-Górecki wrote: >>>>> On Thu, Oct 02, 2025 at 02:05:56PM +0100, Andrew Cooper wrote: >>>>>> On 12/06/2025 11:07 am, Frediano Ziglio wrote: >>>>>>> For xen.gz file we strip all symbols and have an additional >>>>>>> xen-syms file version with all symbols. >>>>>>> Make xen.efi more coherent stripping all symbols too. >>>>>>> xen.efi.elf can be used for debugging. >>>>>>> >>>>>>> Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> >>>>> >>>>> Generally, >>>>> Reviewed-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> >>>> >>>> Just to double check: You offer this after having read (and discarded) my >>>> comments on v1, which v2 left largely unaddressed? >>> >>> You mean the one about objcopy result used for debugging? I didn't see >>> that before, since I wasn't in cc on v1... >>> >>> Anyway, are you aware of some specific objcopy issue. Or in other words: >>> would xen.efi.elf _currently_ be broken (as in - unusable for >>> debugging/disassembly)? >> >> I can't tell. I've seen fair parts of the code in the course of addressing >> various issues, and I would be very surprised if all of that was working >> correctly. >> >>> If not, then I take that relevant part of your >>> objection is mostly about inconsistent naming (xen.gz -> xen-syms, vs >>> xen.efi -> xen.efi.elf). Would xen-syms.efi.elf be better? >> >> Plus the one asking to strip only debug info, but not the symbol table. >> (And no, none of the suggested names look really nice to me.) >> >> Plus the one indicating that the change better wouldn't be made in the >> first place. As said, to deal with size issues we already have machinery >> in place. Not very nice machinery, but it's apparently functioning. > > I'm of the opinion that defaults matter. Just having ability to build a > binary that works on more systems is not sufficient, if you'd need to > spend a day (or more...) on debugging obscure error message to figure > out which hidden option to use to get there. And while one could argue > that CONFIG_DEBUG=y builds are only for people familiar with details to > deal with such issues, IMO just CONFIG_DEBUG_INFO=y shouldn't need > arcane knowledge to get it working... And since that's a common option > to enable in distribution packages, person hitting the issue might not > even be the one doing the build (and thus controlling the build > options). > > As for the details how to get there, I'm more flexible. Based on earlier > comments, it seems that (not stripped) xen.efi isn't very useful for > debugging directly, an ELF version of it is. So IMO it makes sense to > have the debug binary already converted. But if you say you have use for > xen.efi with all debug info too, I'm okay with keeping it too, maybe as > xen-syms.efi. It's a bit of more space (to have both efi and elf version > with debug info), but since it doesn't apply to the installed version, > only the one kept in the build directory, not a big issue IMO. Hmm, yes, having xen-syms.efi (unstripped) plus xen.efi (with debug info stripped but symbol table retained, including file symbols) might indeed be a reasonable approach. (And then no xen-syms.efi at all when we pass --strip-debug to the linker anyway. For this to result in somewhat manageable Makefile logic, we may need to first split the linking rule into multiple steps, as iirc has been the plan for quite some time.) Jan
On 10/2/25 4:10 PM, Marek Marczykowski-Górecki wrote: > On Thu, Oct 02, 2025 at 02:05:56PM +0100, Andrew Cooper wrote: >> On 12/06/2025 11:07 am, Frediano Ziglio wrote: >>> For xen.gz file we strip all symbols and have an additional >>> xen-syms file version with all symbols. >>> Make xen.efi more coherent stripping all symbols too. >>> xen.efi.elf can be used for debugging. >>> >>> Signed-off-by: Frediano Ziglio<frediano.ziglio@cloud.com> > Generally, > Reviewed-by: Marek Marczykowski-Górecki<marmarek@invisiblethingslab.com> > > But this may want a line in CHANGELOG.md, just for a little more > visibility for people packaging Xen, as it may affect what should be > included in debuginfo sub-package. Good point. I can add a line in CHANGELOG.md if a new version of "[PATCH v2] CHANGELOG.md: Update for 4.21 release cycle" will be needed. > >>> --- >>> Changes since v1: >>> - avoid leaving target if some command fails >> CC-ing the EFI maintainers, as this is an EFI change. > Thanks. I did noticed the patch independently, but only a few minutes > earlier due to missing CC... > >> At the recent QubesOS hackathon, Michał Żygowski (3mdeb) found that >> stripping Xen was the difference between the system booting and not. >> >> With debugging symbols, xen.efi was ~32M and is placed above the 4G >> boundary by the EFI loader, hitting Xen's sanity check that it's below 4G. >> >> Xen does still have a requirement to live below the 4G boundary. At a >> minimum, idle_pg_table needs to be addressable with a 32bit %cr3, but I >> bet that isn't the only restriction we have. I think the last two paragraphs should be part of the commit message, as they clarify why these changes started to be needed in the first place. >> >> So, either we find a way of telling the EFI loader (using PE+ headers >> only) that we require to be below 4G (I have no idea if this is >> possible), or we strip xen.efi by default. IMO, it should be preferable solution then stripping ... >> >> I don't think making Xen.efi safe to operate above the 4G boundary is a >> viable option at this point. >> >> As Xen's defaults are broken on modern systems, this is also a bugfix >> candidate for 4.21, so CC Oleksii. > I agree with this wanting to be considered for 4.21. ... but if it is not clear at the moment how to instruct the EFI loader to load below 4G, then I am okay with this solution and it should be part of 4.21: Release-Acked-By: Oleksii Kurochko<oleksii.kurochko@gmail.com> Thanks. ~ Oleksii > >> ~Andrew >> >> (Retaining full patch for those CC'd into the thread) >> >>> --- >>> docs/misc/efi.pandoc | 8 +------- >>> xen/Kconfig.debug | 9 ++------- >>> xen/Makefile | 19 ------------------- >>> xen/arch/x86/Makefile | 8 +++++--- >>> 4 files changed, 8 insertions(+), 36 deletions(-) >>> >>> diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc >>> index 11c1ac3346..c66b18a66b 100644 >>> --- a/docs/misc/efi.pandoc >>> +++ b/docs/misc/efi.pandoc >>> @@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found. >>> Once built, `make install-xen` will place the resulting binary directly into >>> the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and >>> `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not >>> -match your system). When built with debug info, the binary can be quite large. >>> -Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped >>> -of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set >>> -to any combination of options suitable to pass to `strip`, in case the default >>> -ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, >>> -unless `EFI_DIR` is set in the environment to override this default. This >>> -binary will not be stripped in the process. >>> +match your system). >>> >>> The binary itself will require a configuration file (names with the `.efi` >>> extension of the binary's name replaced by `.cfg`, and - until an existing >>> diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug >>> index d14093017e..cafbb1236c 100644 >>> --- a/xen/Kconfig.debug >>> +++ b/xen/Kconfig.debug >>> @@ -147,12 +147,7 @@ config DEBUG_INFO >>> Say Y here if you want to build Xen with debug information. This >>> information is needed e.g. for doing crash dump analysis of the >>> hypervisor via the "crash" tool. >>> - Saying Y will increase the size of the xen-syms and xen.efi >>> - binaries. In case the space on the EFI boot partition is rather >>> - limited, you may want to install a stripped variant of xen.efi in >>> - the EFI boot partition (look for "INSTALL_EFI_STRIP" in >>> - docs/misc/efi.pandoc for more information - when not using >>> - "make install-xen" for installing xen.efi, stripping needs to be >>> - done outside the Xen build environment). >>> + Saying Y will increase the size of the xen-syms and xen.efi.elf >>> + binaries. >>> >>> endmenu >>> diff --git a/xen/Makefile b/xen/Makefile >>> index 8fc4e042ff..664c4ea7b8 100644 >>> --- a/xen/Makefile >>> +++ b/xen/Makefile >>> @@ -488,22 +488,6 @@ endif >>> .PHONY: _build >>> _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) >>> >>> -# Strip >>> -# >>> -# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it >>> -# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below >>> -# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the >>> -# option(s) to the strip command. >>> -ifdef INSTALL_EFI_STRIP >>> - >>> -ifeq ($(INSTALL_EFI_STRIP),1) >>> -efi-strip-opt := --strip-debug --keep-file-symbols >>> -else >>> -efi-strip-opt := $(INSTALL_EFI_STRIP) >>> -endif >>> - >>> -endif >>> - >>> .PHONY: _install >>> _install: D=$(DESTDIR) >>> _install: T=$(notdir $(TARGET)) >>> @@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) >>> ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ >>> ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ >>> if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ >>> - $(if $(efi-strip-opt), \ >>> - $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ >>> - $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ >>> $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ >>> elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ >>> echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ >>> diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile >>> index ce724a9daa..e0ebc8c73e 100644 >>> --- a/xen/arch/x86/Makefile >>> +++ b/xen/arch/x86/Makefile >>> @@ -232,14 +232,16 @@ endif >>> $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o >>> $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \ >>> $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \ >>> - $(note_file_option) -o $@ >>> - $(NM) -pa --format=sysv $@ \ >>> + $(note_file_option) -o $@.tmp >>> + $(NM) -pa --format=sysv $@.tmp \ >>> | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ >>> > $@.map >>> ifeq ($(CONFIG_DEBUG_INFO),y) >>> - $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf >>> + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf >>> + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp >>> endif >>> rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]* >>> + mv -f $@.tmp $@ >>> ifeq ($(CONFIG_XEN_IBT),y) >>> $(SHELL) $(srctree)/tools/check-endbr.sh $@ >>> endif
On Thu, Jun 12, 2025 at 11:07 AM Frediano Ziglio <frediano.ziglio@cloud.com> wrote: > > For xen.gz file we strip all symbols and have an additional > xen-syms file version with all symbols. > Make xen.efi more coherent stripping all symbols too. > xen.efi.elf can be used for debugging. > > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > --- > Changes since v1: > - avoid leaving target if some command fails > --- > docs/misc/efi.pandoc | 8 +------- > xen/Kconfig.debug | 9 ++------- > xen/Makefile | 19 ------------------- > xen/arch/x86/Makefile | 8 +++++--- > 4 files changed, 8 insertions(+), 36 deletions(-) > > diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc > index 11c1ac3346..c66b18a66b 100644 > --- a/docs/misc/efi.pandoc > +++ b/docs/misc/efi.pandoc > @@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found. > Once built, `make install-xen` will place the resulting binary directly into > the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and > `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not > -match your system). When built with debug info, the binary can be quite large. > -Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped > -of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set > -to any combination of options suitable to pass to `strip`, in case the default > -ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, > -unless `EFI_DIR` is set in the environment to override this default. This > -binary will not be stripped in the process. > +match your system). > > The binary itself will require a configuration file (names with the `.efi` > extension of the binary's name replaced by `.cfg`, and - until an existing > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug > index d14093017e..cafbb1236c 100644 > --- a/xen/Kconfig.debug > +++ b/xen/Kconfig.debug > @@ -147,12 +147,7 @@ config DEBUG_INFO > Say Y here if you want to build Xen with debug information. This > information is needed e.g. for doing crash dump analysis of the > hypervisor via the "crash" tool. > - Saying Y will increase the size of the xen-syms and xen.efi > - binaries. In case the space on the EFI boot partition is rather > - limited, you may want to install a stripped variant of xen.efi in > - the EFI boot partition (look for "INSTALL_EFI_STRIP" in > - docs/misc/efi.pandoc for more information - when not using > - "make install-xen" for installing xen.efi, stripping needs to be > - done outside the Xen build environment). > + Saying Y will increase the size of the xen-syms and xen.efi.elf > + binaries. > > endmenu > diff --git a/xen/Makefile b/xen/Makefile > index 8fc4e042ff..664c4ea7b8 100644 > --- a/xen/Makefile > +++ b/xen/Makefile > @@ -488,22 +488,6 @@ endif > .PHONY: _build > _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > -# Strip > -# > -# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it > -# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below > -# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the > -# option(s) to the strip command. > -ifdef INSTALL_EFI_STRIP > - > -ifeq ($(INSTALL_EFI_STRIP),1) > -efi-strip-opt := --strip-debug --keep-file-symbols > -else > -efi-strip-opt := $(INSTALL_EFI_STRIP) > -endif > - > -endif > - > .PHONY: _install > _install: D=$(DESTDIR) > _install: T=$(notdir $(TARGET)) > @@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ > if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ > - $(if $(efi-strip-opt), \ > - $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ > - $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ > $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ > elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ > echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ > diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile > index ce724a9daa..e0ebc8c73e 100644 > --- a/xen/arch/x86/Makefile > +++ b/xen/arch/x86/Makefile > @@ -232,14 +232,16 @@ endif > $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o > $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \ > $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \ > - $(note_file_option) -o $@ > - $(NM) -pa --format=sysv $@ \ > + $(note_file_option) -o $@.tmp > + $(NM) -pa --format=sysv $@.tmp \ > | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ > > $@.map > ifeq ($(CONFIG_DEBUG_INFO),y) > - $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp > endif > rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]* > + mv -f $@.tmp $@ > ifeq ($(CONFIG_XEN_IBT),y) > $(SHELL) $(srctree)/tools/check-endbr.sh $@ > endif Any comments on this version? Frediano
ping On Wed, Jun 25, 2025 at 12:49 PM Frediano Ziglio <frediano.ziglio@cloud.com> wrote: > > On Thu, Jun 12, 2025 at 11:07 AM Frediano Ziglio > <frediano.ziglio@cloud.com> wrote: > > > > For xen.gz file we strip all symbols and have an additional > > xen-syms file version with all symbols. > > Make xen.efi more coherent stripping all symbols too. > > xen.efi.elf can be used for debugging. > > > > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > > --- > > Changes since v1: > > - avoid leaving target if some command fails > > --- > > docs/misc/efi.pandoc | 8 +------- > > xen/Kconfig.debug | 9 ++------- > > xen/Makefile | 19 ------------------- > > xen/arch/x86/Makefile | 8 +++++--- > > 4 files changed, 8 insertions(+), 36 deletions(-) > > > > diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc > > index 11c1ac3346..c66b18a66b 100644 > > --- a/docs/misc/efi.pandoc > > +++ b/docs/misc/efi.pandoc > > @@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found. > > Once built, `make install-xen` will place the resulting binary directly into > > the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and > > `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not > > -match your system). When built with debug info, the binary can be quite large. > > -Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped > > -of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set > > -to any combination of options suitable to pass to `strip`, in case the default > > -ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, > > -unless `EFI_DIR` is set in the environment to override this default. This > > -binary will not be stripped in the process. > > +match your system). > > > > The binary itself will require a configuration file (names with the `.efi` > > extension of the binary's name replaced by `.cfg`, and - until an existing > > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug > > index d14093017e..cafbb1236c 100644 > > --- a/xen/Kconfig.debug > > +++ b/xen/Kconfig.debug > > @@ -147,12 +147,7 @@ config DEBUG_INFO > > Say Y here if you want to build Xen with debug information. This > > information is needed e.g. for doing crash dump analysis of the > > hypervisor via the "crash" tool. > > - Saying Y will increase the size of the xen-syms and xen.efi > > - binaries. In case the space on the EFI boot partition is rather > > - limited, you may want to install a stripped variant of xen.efi in > > - the EFI boot partition (look for "INSTALL_EFI_STRIP" in > > - docs/misc/efi.pandoc for more information - when not using > > - "make install-xen" for installing xen.efi, stripping needs to be > > - done outside the Xen build environment). > > + Saying Y will increase the size of the xen-syms and xen.efi.elf > > + binaries. > > > > endmenu > > diff --git a/xen/Makefile b/xen/Makefile > > index 8fc4e042ff..664c4ea7b8 100644 > > --- a/xen/Makefile > > +++ b/xen/Makefile > > @@ -488,22 +488,6 @@ endif > > .PHONY: _build > > _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > > > -# Strip > > -# > > -# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it > > -# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below > > -# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the > > -# option(s) to the strip command. > > -ifdef INSTALL_EFI_STRIP > > - > > -ifeq ($(INSTALL_EFI_STRIP),1) > > -efi-strip-opt := --strip-debug --keep-file-symbols > > -else > > -efi-strip-opt := $(INSTALL_EFI_STRIP) > > -endif > > - > > -endif > > - > > .PHONY: _install > > _install: D=$(DESTDIR) > > _install: T=$(notdir $(TARGET)) > > @@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ > > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ > > if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ > > - $(if $(efi-strip-opt), \ > > - $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ > > - $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ > > $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ > > elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ > > echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ > > diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile > > index ce724a9daa..e0ebc8c73e 100644 > > --- a/xen/arch/x86/Makefile > > +++ b/xen/arch/x86/Makefile > > @@ -232,14 +232,16 @@ endif > > $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o > > $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \ > > $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \ > > - $(note_file_option) -o $@ > > - $(NM) -pa --format=sysv $@ \ > > + $(note_file_option) -o $@.tmp > > + $(NM) -pa --format=sysv $@.tmp \ > > | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ > > > $@.map > > ifeq ($(CONFIG_DEBUG_INFO),y) > > - $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf > > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf > > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp > > endif > > rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]* > > + mv -f $@.tmp $@ > > ifeq ($(CONFIG_XEN_IBT),y) > > $(SHELL) $(srctree)/tools/check-endbr.sh $@ > > endif > > Any comments on this version? > > Frediano
ping On Mon, Jul 28, 2025 at 11:34 AM Frediano Ziglio <frediano.ziglio@cloud.com> wrote: > > ping > > On Wed, Jun 25, 2025 at 12:49 PM Frediano Ziglio > <frediano.ziglio@cloud.com> wrote: > > > > On Thu, Jun 12, 2025 at 11:07 AM Frediano Ziglio > > <frediano.ziglio@cloud.com> wrote: > > > > > > For xen.gz file we strip all symbols and have an additional > > > xen-syms file version with all symbols. > > > Make xen.efi more coherent stripping all symbols too. > > > xen.efi.elf can be used for debugging. > > > > > > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > > > --- > > > Changes since v1: > > > - avoid leaving target if some command fails > > > --- > > > docs/misc/efi.pandoc | 8 +------- > > > xen/Kconfig.debug | 9 ++------- > > > xen/Makefile | 19 ------------------- > > > xen/arch/x86/Makefile | 8 +++++--- > > > 4 files changed, 8 insertions(+), 36 deletions(-) > > > > > > diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc > > > index 11c1ac3346..c66b18a66b 100644 > > > --- a/docs/misc/efi.pandoc > > > +++ b/docs/misc/efi.pandoc > > > @@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found. > > > Once built, `make install-xen` will place the resulting binary directly into > > > the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and > > > `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not > > > -match your system). When built with debug info, the binary can be quite large. > > > -Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped > > > -of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set > > > -to any combination of options suitable to pass to `strip`, in case the default > > > -ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, > > > -unless `EFI_DIR` is set in the environment to override this default. This > > > -binary will not be stripped in the process. > > > +match your system). > > > > > > The binary itself will require a configuration file (names with the `.efi` > > > extension of the binary's name replaced by `.cfg`, and - until an existing > > > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug > > > index d14093017e..cafbb1236c 100644 > > > --- a/xen/Kconfig.debug > > > +++ b/xen/Kconfig.debug > > > @@ -147,12 +147,7 @@ config DEBUG_INFO > > > Say Y here if you want to build Xen with debug information. This > > > information is needed e.g. for doing crash dump analysis of the > > > hypervisor via the "crash" tool. > > > - Saying Y will increase the size of the xen-syms and xen.efi > > > - binaries. In case the space on the EFI boot partition is rather > > > - limited, you may want to install a stripped variant of xen.efi in > > > - the EFI boot partition (look for "INSTALL_EFI_STRIP" in > > > - docs/misc/efi.pandoc for more information - when not using > > > - "make install-xen" for installing xen.efi, stripping needs to be > > > - done outside the Xen build environment). > > > + Saying Y will increase the size of the xen-syms and xen.efi.elf > > > + binaries. > > > > > > endmenu > > > diff --git a/xen/Makefile b/xen/Makefile > > > index 8fc4e042ff..664c4ea7b8 100644 > > > --- a/xen/Makefile > > > +++ b/xen/Makefile > > > @@ -488,22 +488,6 @@ endif > > > .PHONY: _build > > > _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > > > > > -# Strip > > > -# > > > -# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it > > > -# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below > > > -# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the > > > -# option(s) to the strip command. > > > -ifdef INSTALL_EFI_STRIP > > > - > > > -ifeq ($(INSTALL_EFI_STRIP),1) > > > -efi-strip-opt := --strip-debug --keep-file-symbols > > > -else > > > -efi-strip-opt := $(INSTALL_EFI_STRIP) > > > -endif > > > - > > > -endif > > > - > > > .PHONY: _install > > > _install: D=$(DESTDIR) > > > _install: T=$(notdir $(TARGET)) > > > @@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ > > > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ > > > if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ > > > - $(if $(efi-strip-opt), \ > > > - $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ > > > - $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ > > > $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ > > > elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ > > > echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ > > > diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile > > > index ce724a9daa..e0ebc8c73e 100644 > > > --- a/xen/arch/x86/Makefile > > > +++ b/xen/arch/x86/Makefile > > > @@ -232,14 +232,16 @@ endif > > > $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o > > > $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \ > > > $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \ > > > - $(note_file_option) -o $@ > > > - $(NM) -pa --format=sysv $@ \ > > > + $(note_file_option) -o $@.tmp > > > + $(NM) -pa --format=sysv $@.tmp \ > > > | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ > > > > $@.map > > > ifeq ($(CONFIG_DEBUG_INFO),y) > > > - $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf > > > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf > > > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp > > > endif > > > rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]* > > > + mv -f $@.tmp $@ > > > ifeq ($(CONFIG_XEN_IBT),y) > > > $(SHELL) $(srctree)/tools/check-endbr.sh $@ > > > endif > > > > Any comments on this version? > > > > Frediano
ping ________________________________ From: Frediano Ziglio <frediano.ziglio@cloud.com> Sent: 15 August 2025 11:33 To: xen-devel@lists.xenproject.org <xen-devel@lists.xenproject.org> Cc: Andrew Cooper <andrew.cooper3@citrix.com>; Anthony PERARD <anthony.perard@vates.tech>; Michal Orzel <michal.orzel@amd.com>; Jan Beulich <jbeulich@suse.com>; Julien Grall <julien@xen.org>; Roger Pau Monné <roger.pau@citrix.com>; Stefano Stabellini <sstabellini@kernel.org> Subject: Re: [PATCH v2] xen: Strip xen.efi by default ping On Mon, Jul 28, 2025 at 11:34 AM Frediano Ziglio <frediano.ziglio@cloud.com> wrote: > > ping > > On Wed, Jun 25, 2025 at 12:49 PM Frediano Ziglio > <frediano.ziglio@cloud.com> wrote: > > > > On Thu, Jun 12, 2025 at 11:07 AM Frediano Ziglio > > <frediano.ziglio@cloud.com> wrote: > > > > > > For xen.gz file we strip all symbols and have an additional > > > xen-syms file version with all symbols. > > > Make xen.efi more coherent stripping all symbols too. > > > xen.efi.elf can be used for debugging. > > > > > > Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com> > > > --- > > > Changes since v1: > > > - avoid leaving target if some command fails > > > --- > > > docs/misc/efi.pandoc | 8 +------- > > > xen/Kconfig.debug | 9 ++------- > > > xen/Makefile | 19 ------------------- > > > xen/arch/x86/Makefile | 8 +++++--- > > > 4 files changed, 8 insertions(+), 36 deletions(-) > > > > > > diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc > > > index 11c1ac3346..c66b18a66b 100644 > > > --- a/docs/misc/efi.pandoc > > > +++ b/docs/misc/efi.pandoc > > > @@ -20,13 +20,7 @@ Xen to load the configuration file even if multiboot modules are found. > > > Once built, `make install-xen` will place the resulting binary directly into > > > the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and > > > `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not > > > -match your system). When built with debug info, the binary can be quite large. > > > -Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped > > > -of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set > > > -to any combination of options suitable to pass to `strip`, in case the default > > > -ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, > > > -unless `EFI_DIR` is set in the environment to override this default. This > > > -binary will not be stripped in the process. > > > +match your system). > > > > > > The binary itself will require a configuration file (names with the `.efi` > > > extension of the binary's name replaced by `.cfg`, and - until an existing > > > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug > > > index d14093017e..cafbb1236c 100644 > > > --- a/xen/Kconfig.debug > > > +++ b/xen/Kconfig.debug > > > @@ -147,12 +147,7 @@ config DEBUG_INFO > > > Say Y here if you want to build Xen with debug information. This > > > information is needed e.g. for doing crash dump analysis of the > > > hypervisor via the "crash" tool. > > > - Saying Y will increase the size of the xen-syms and xen.efi > > > - binaries. In case the space on the EFI boot partition is rather > > > - limited, you may want to install a stripped variant of xen.efi in > > > - the EFI boot partition (look for "INSTALL_EFI_STRIP" in > > > - docs/misc/efi.pandoc for more information - when not using > > > - "make install-xen" for installing xen.efi, stripping needs to be > > > - done outside the Xen build environment). > > > + Saying Y will increase the size of the xen-syms and xen.efi.elf > > > + binaries. > > > > > > endmenu > > > diff --git a/xen/Makefile b/xen/Makefile > > > index 8fc4e042ff..664c4ea7b8 100644 > > > --- a/xen/Makefile > > > +++ b/xen/Makefile > > > @@ -488,22 +488,6 @@ endif > > > .PHONY: _build > > > _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > > > > > -# Strip > > > -# > > > -# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it > > > -# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below > > > -# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the > > > -# option(s) to the strip command. > > > -ifdef INSTALL_EFI_STRIP > > > - > > > -ifeq ($(INSTALL_EFI_STRIP),1) > > > -efi-strip-opt := --strip-debug --keep-file-symbols > > > -else > > > -efi-strip-opt := $(INSTALL_EFI_STRIP) > > > -endif > > > - > > > -endif > > > - > > > .PHONY: _install > > > _install: D=$(DESTDIR) > > > _install: T=$(notdir $(TARGET)) > > > @@ -530,9 +514,6 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) > > > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ > > > ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ > > > if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ > > > - $(if $(efi-strip-opt), \ > > > - $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ > > > - $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ > > > $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ > > > elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ > > > echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ > > > diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile > > > index ce724a9daa..e0ebc8c73e 100644 > > > --- a/xen/arch/x86/Makefile > > > +++ b/xen/arch/x86/Makefile > > > @@ -232,14 +232,16 @@ endif > > > $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o > > > $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \ > > > $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \ > > > - $(note_file_option) -o $@ > > > - $(NM) -pa --format=sysv $@ \ > > > + $(note_file_option) -o $@.tmp > > > + $(NM) -pa --format=sysv $@.tmp \ > > > | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ > > > > $@.map > > > ifeq ($(CONFIG_DEBUG_INFO),y) > > > - $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf > > > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@.tmp $@.elf > > > + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(STRIP) $@.tmp > > > endif > > > rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]* > > > + mv -f $@.tmp $@ > > > ifeq ($(CONFIG_XEN_IBT),y) > > > $(SHELL) $(srctree)/tools/check-endbr.sh $@ > > > endif > > > > Any comments on this version? > > > > Frediano
© 2016 - 2025 Red Hat, Inc.