[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 0/4] Various patches to improve Secure Boot support

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Frediano Ziglio <freddy77@xxxxxxxxx>
Date: Thu, 11 Jun 2026 16:32:53 +0100
Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From"
Cc: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 11 Jun 2026 15:33:20 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

These patches improve support for Secure boot.
UEFI CA memory mitigation requires memory pages to be not executable and
writable at the same time. So changing permissions and splitting some section
is required.
Remove multiboot pieces from EFI executable.

Changes since v1:
- improved some comments;
- merged 2 pacthes removing multiboot support in x86 PE;
- removed a patch dealing with SBAT;
- other minor changes (see single patches).

Frediano Ziglio (2):
  Align some sections to 4KB
  x86: Split .init section to satisfy UEFI CA memory mitigation

Roger Pau Monné (2):
  x86/efi: discard multiboot support for PE binary
  x86/efi: avoid a relocation in efi_arch_post_exit_boot()

 docs/hypervisor-guide/x86/how-xen-boots.rst |  6 ------
 xen/arch/x86/boot/head.S                    |  3 ++-
 xen/arch/x86/efi/efi-boot.h                 |  7 +++++--
 xen/arch/x86/xen.lds.S                      | 22 +++++++++++----------
 4 files changed, 19 insertions(+), 19 deletions(-)

-- 
2.43.0

Follow-Ups:
- [PATCH v2 4/4] x86: Split .init section to satisfy UEFI CA memory mitigation
  - From: Frediano Ziglio
- [PATCH v2 2/4] x86/efi: discard multiboot support for PE binary
  - From: Frediano Ziglio
- [PATCH v2 3/4] x86/efi: avoid a relocation in efi_arch_post_exit_boot()
  - From: Frediano Ziglio
- [PATCH v2 1/4] Align some sections to 4KB
  - From: Frediano Ziglio

Prev by Date: [PATCH v2 1/4] Align some sections to 4KB
Next by Date: [PATCH v2 3/4] x86/efi: avoid a relocation in efi_arch_post_exit_boot()
Previous by thread: [PATCH] xen/gntdev: fix refcount leak in gntdev_ioctl_map_grant_ref()
Next by thread: [PATCH v2 1/4] Align some sections to 4KB
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.