On 07.05.2025 11:42, Frediano Ziglio wrote: > From: Frediano Ziglio <frediano.zig...@cloud.com> > > Using EFI Secure Boot all kernel level code should be signed and > there should be no way to run unchecked code. > For this reason the Kexec interface needs to be changed in order > to allows signature checking. > > The purgatory code is included in Xen itself as passing this code > from userspace it's not secure (see patches 2/4 and 3/4). > > Changes since v1: > - update copyright lines; > - better sha2 declarations. > > Ross Lagerwall (4): > xen/lib: Export additional sha256 functions > kexec: Include purgatory in Xen > kexec: Implement new EFI load types > kexec: Support non-page-aligned kexec segments
As a general remark: You're sending all of these patches on Ross' behalf, yet none of them has your own S-o-b. It is my understanding that strictly speaking we wouldn't be permitted to take such patches. Jan
