[PATCH v5 0/5] Various patches to improve Secure Boot support

Frediano Ziglio posted 5 patches 1 week, 1 day ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20260626123645.229375-1-frediano.ziglio@citrix.com
docs/hypervisor-guide/x86/how-xen-boots.rst |  6 -----
xen/arch/x86/boot/head.S                    | 10 +++++---
xen/arch/x86/efi/efi-boot.h                 |  7 ++++--
xen/arch/x86/xen.lds.S                      | 27 +++++++++++++--------
4 files changed, 28 insertions(+), 22 deletions(-)
[PATCH v5 0/5] Various patches to improve Secure Boot support
Posted by Frediano Ziglio 1 week, 1 day ago
These patches improve support for Secure boot.
UEFI CA memory mitigation requires memory pages to be not executable and
writable at the same time. So changing permissions and splitting some section
is required.
Remove multiboot pieces from EFI executable.

Changes since v1:
- improved some comments;
- merged 2 pacthes removing multiboot support in x86 PE;
- removed a patch dealing with SBAT;
- other minor changes (see single patches).

Changes since v2:
- improved some comments.

Changes since v3:
- Added Acked-by;
- Improve commit message.

Changes since v4:
- Messages updates;
- Clean some dependencies cause by code removal;
- Add small commit to remove a possibly unused string.

Frediano Ziglio (3):
  Align relevant sections to 4KB
  x86: Split .init section to satisfy UEFI CA memory mitigation
  x86/boot: Exclude not used string

Roger Pau Monné (2):
  x86/efi: discard multiboot and PVH support for PE binary
  x86/efi: avoid a relocation in efi_arch_post_exit_boot()

 docs/hypervisor-guide/x86/how-xen-boots.rst |  6 -----
 xen/arch/x86/boot/head.S                    | 10 +++++---
 xen/arch/x86/efi/efi-boot.h                 |  7 ++++--
 xen/arch/x86/xen.lds.S                      | 27 +++++++++++++--------
 4 files changed, 28 insertions(+), 22 deletions(-)

-- 
2.43.0