On 17.04.25 01:03, Stefano Stabellini wrote:
On Tue, 15 Apr 2025, Grygorii Strashko wrote:
From: Grygorii Strashko <grygorii_stras...@epam.com>
This patch adds Xen XSM policy loading support.
The configuration file XEN_POLICY specifies Xen hypervisor
XSM policy binary to load.
Signed-off-by: Grygorii Strashko <grygorii_stras...@epam.com>
---
changes in v2:
- fix conditional statements for XEN_POLICY
- add XSM policy binary check
README.md | 2 ++
scripts/uboot-script-gen | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+)
diff --git a/README.md b/README.md
index 137abef153ce..9106d2a07302 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,8 @@ Where:
- XEN specifies the Xen hypervisor binary to load. Note that it has to
be a regular Xen binary, not a u-boot binary.
+- XEN_POLICY specifies the Xen hypervisor XSM policy binary to load.
+
- XEN_COLORS specifies the colors (cache coloring) to be used for Xen
and is in the format startcolor-endcolor
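Review bot: The new XEN_POLICY entry does not say that the variable is optional or what kind of file is accepted. The loading code in this same patch runs check_file_type "${XEN_POLICY}" "SE Linux policy", so the README could state that the variable may be left unset and that the file must be a compiled policy binary that passes that check.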
diff --git a/scripts/uboot-script-gen b/scripts/uboot-script-gen
index c4d26caf5e0e..208eafdecfeb 100755
--- a/scripts/uboot-script-gen
+++ b/scripts/uboot-script-gen
@@ -315,6 +315,15 @@ function xen_device_tree_editing()
dt_set "/chosen" "#size-cells" "hex" "0x2"
dt_set "/chosen" "xen,xen-bootargs" "str" "$XEN_CMD"
+ if test -n "$XEN_POLICY" && test "$xen_policy_addr" != "-"
+ then
+ local node_name="xen-policy@${xen_policy_addr#0x}"
+
+ dt_mknode "/chosen" "$node_name"
+ dt_set "/chosen/$node_name" "compatible" "str_a" "xen,xsm-policy
xen,multiboot-module multiboot,module"
+ dt_set "/chosen/$node_name" "reg" "hex" "$(split_addr_size $xen_policy_addr
$xen_policy_size)"
+ fi
+
if test "$DOM0_KERNEL"
then
local node_name="dom0@${dom0_kernel_addr#0x}"
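Review bot: In the added condition in xen_device_tree_editing(), test "$xen_policy_addr" != "-" is also true when xen_policy_addr is empty or unset, which would produce a node named "xen-policy@" and a reg property built from empty values. The "-" default is only assigned in xen_file_loading(), so consider adding test -n "$xen_policy_addr" to the guard, and quoting $xen_policy_addr and $xen_policy_size in the split_addr_size call.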
@@ -900,6 +909,15 @@ xen_file_loading()
kernel_addr=$memaddr
kernel_path=$XEN
load_file "$XEN" "host_kernel"
+
+ xen_policy_addr="-"
+ if test -n "$XEN_POLICY"
+ then
+ check_file_type "${XEN_POLICY}" "SE Linux policy"
+ xen_policy_addr=$memaddr
+ load_file "$XEN_POLICY" "xen_policy"
+ xen_policy_size=$filesize
+ fi
}
linux_file_loading()
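Review bot: In xen_file_loading(), xen_policy_addr gets a "-" default but xen_policy_size is only assigned inside the if block, so it keeps any earlier value when XEN_POLICY is empty; give it a default next to xen_policy_addr="-". A short comment explaining why a Xen XSM policy is checked against the "SE Linux policy" type string in check_file_type would also help the next reader.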
@@ -939,6 +957,22 @@ bitstream_load_and_config()
create_its_file_xen()
{
+ if test -n "$XEN_POLICY" && test "$xen_policy_addr" != "-"
+ then
+ cat >> "$its_file" <<- EOF
+ xen_policy {
+ description = "Xen XSM policy binary";
+ data = /incbin/("$XEN_POLICY");
+ type = "kernel";

This should be "firmware". Aside from that, the patch is fine.
If you are OK with it, I can fix it on commit.

I'm ok. Thank you.

--
Best regards,
-grygorii