I'm unsure about exporting all random parameters to the env namespace. PHP went
down this road and the result was a bunch of bad vulnerabilities. Maybe instead
of blindly exporting them, have some kind of export or query command? Or at
least add some prefix to exported vars to identify them as such?

Regards
Vladimir 'phcoder' Serbinenko

On Thu, Apr 24, 2025, 05:47, Aaron Rainbolt <arraybo...@gmail.com> wrote:

> The purpose of this patch is to allow the Xen hypervisor to pass extra
> data to GRUB in the form of a kernel command line, allowing the host to
> customize the boot process of the guest. The command line from Xen is
> parsed, and any variables within that start with the string
> `xen_grub_env_` are exposed as environment variables. The grub.cfg
> script can then use those environment variables as it sees fit.
>
> The main reason for doing this is to allow implementing boot modes in
> Qubes OS while also using in-VM kernels. For more context on Qubes boot
> modes, see [1]. In order for this to work with in-VM kernels, it is
> necessary for dom0 to pass kernel parameters to the guest without
> modifying the guest's grub.cfg manually. This patch allows this to be
> done, by allowing dom0 to pass kernel parameters to GRUB, which then
> provides them to grub.cfg as an environment variable. The grub.cfg
> script within the VM can then append those variables to the kernel
> command line.
>
> This is a significantly more robust version of the Xen command line
> parsing draft sent previously [2]. The patch has been tested with both
> PV and PVH virtual machines, using an otherwise unpatched GRUB source
> tree, building the patch on top of the tip of git master at the time
> of this writing (commit 4abac0a). My testing environment is a fully
> updated Arch Linux system with Xen built from the stable-4.20 branch.
>
> Some changes from the initial draft sent previously:
>
> * Only parameters starting with `xen_grub_env_` are exposed as
>   environment variables. This solves two of the previous patch's issues
>   - dom0 can no longer clobber arbitrary variables within grub.cfg (as
>   it cannot define variables with names that don't start with
>   `xen_grub_env`), and API breakage won't occur if in the future more
>   features are added to GRUB that use the Xen-provided kernel command
>   line.
> * Testing has been done as described above.
>
> [1] https://github.com/QubesOS/qubes-linux-pvgrub2/pull/16
> [2] https://lists.gnu.org/archive/html/grub-devel/2025-04/msg00050.html
>
> Aaron Rainbolt (1):
>   Add Xen command line parsing
>
>  grub-core/Makefile.core.def   |   2 +
>  grub-core/kern/i386/xen/pvh.c |  16 ++
>  grub-core/kern/main.c         |  12 ++
>  grub-core/kern/xen/cmdline.c  | 270 ++++++++++++++++++++++++++++++++++
>  include/grub/xen.h            |   2 +
>  5 files changed, 302 insertions(+)
>  create mode 100644 grub-core/kern/xen/cmdline.c
>
> --
> 2.49.0
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
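
The prefix allow-list discussed in this thread, as an added example that is not part of the original messages and is not the code from the GRUB patch: hypervisor-supplied `name=value` tokens are exported only when the name starts with `xen_grub_env_`, so a host-supplied `root=` or `prefix=` cannot overwrite a variable that grub.cfg relies on. Assumptions of this sketch: tokens are separated by spaces with no quoting, names are restricted to `[A-Za-z0-9_]`, and `struct env_var`, `name_allowed` and `export_xen_params` are hypothetical names.

```c
#include <ctype.h>
#include <string.h>

#define ENV_PREFIX "xen_grub_env_"   /* prefix named in the cover letter */
#define MAX_VARS 8                   /* sizes are assumptions of this sketch */
#define MAX_LEN 64

struct env_var { char name[MAX_LEN]; char value[MAX_LEN]; };

/* Accept a name only if it starts with the prefix, has at least one more
   character, and consists solely of [A-Za-z0-9_]. */
static int name_allowed(const char *s, size_t n)
{
  size_t plen = strlen(ENV_PREFIX);
  if (n <= plen || n >= MAX_LEN || strncmp(s, ENV_PREFIX, plen) != 0)
    return 0;
  for (size_t i = 0; i < n; i++)
    if (!isalnum((unsigned char) s[i]) && s[i] != '_')
      return 0;
  return 1;
}

/* Split cmdline on spaces and copy allowed name=value pairs into out.
   Returns the number of variables exported; every other token is dropped. */
static int export_xen_params(const char *cmdline, struct env_var *out, int max)
{
  int count = 0;
  const char *p = cmdline;
  while (*p && count < max)
    {
      while (*p == ' ')
        p++;
      size_t tok = strcspn(p, " ");
      const char *eq = memchr(p, '=', tok);
      if (eq && name_allowed(p, (size_t) (eq - p)))
        {
          size_t nlen = (size_t) (eq - p), vlen = tok - nlen - 1;
          if (vlen < MAX_LEN)   /* oversized values are rejected, not truncated */
            {
              memcpy(out[count].name, p, nlen);
              out[count].name[nlen] = '\0';
              memcpy(out[count].value, eq + 1, vlen);
              out[count].value[vlen] = '\0';
              count++;
            }
        }
      p += tok;
    }
  return count;
}
```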