On Thu, May 08, 2025 at 01:28:21PM +0100, Frediano Ziglio wrote: > On Thu, May 8, 2025 at 12:55 PM Andrew Cooper <andrew.coop...@citrix.com> > wrote: > > > > On 08/05/2025 11:31 am, Marek Marczykowski-Górecki wrote: > > > On Thu, May 08, 2025 at 09:51:59AM +0100, Andrew Cooper wrote: > > >> Also, > > >> > > >>> ld: warning: orphan section `.sbat' from `prelink.o' being placed in > > >>> section `.sbat' > > >> This is because sbat.o is getting linked into the non-EFI build of Xen > > >> too. > > >> > > >> I'm less sure how to go about fixing this. There's no nice way I can > > >> see of of getting sbat.o only in the EFI build. The other option is to > > >> discard it for the ELF build. > > > This is kinda related to my question on Matrix - is multiboot2 binary > > > also supposed to (eventually) support UEFI SB? > > > > This is mixing two things. > > > > Xen is either an ELF binary (ultimately zipped, so xen.gz) or is an EFI > > binary (xen.efi). > > > > Both of these binaries currently have an MB2 header. This was by > > accident, as xen.efi is a strict superset of the ELF build. > > > > We are planning to use multiboot2 booting. The reason is the way we > want some parameters (like command line) to be passed. We are going to > use grub2.
Which means that multiboot2 binary needs to be signed somehow, and for MS to be happy, needs to include SBAT too. Relevant series: https://lore.kernel.org/xen-devel/20240328151106.1451104-1-ross.lagerw...@citrix.com/ I don't recall seeing v3 posted. And relevant grub series: https://lore.kernel.org/xen-devel/20240328151302.1451158-1-ross.lagerw...@citrix.com/ > > AIUI, SBAT only makes sense to exist in the EFI binary. > > > > ~Andrew > > Frediano -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab
signature.asc
Description: PGP signature
