OVMF for R4.0


Alex Floyd

Jul 20, 2017, 3:58:22 PM
to qubes...@googlegroups.com

Hey all,

I noticed that "support" for OVMF in the xen-4.8 branch of the
'xen.spec' in the qubes-xen-vmm repo has been added. I also see that
it is an optional feature for Qubes in issue #2849 "Stubdomain related
bugs/todos". The current support progress to me looks like it is just
combining the OS system package's OVMF images from
/usr/share/edk2/ovmf/OVMF_*.fd to have a binary for Xen to use.

As far as I can tell, Marek was thinking about using the OVMF port to
Xen that Anthony Perard wrote/is working on to use over the system
package OVMF binaries.

I would like to help with getting OVMF implemented into Qubes using
the guidelines from the OVMF port. I have a system build script that
builds OVMF for testing SMM using libvirt and KVM on Fedora 25 and 26.
I can modify this script to build the OVMF binaries for Xen, and then
fine tune the OVMF for Qubes with some feedback & testing.

The SMM script is located at:
https://github.com/gencymex/smmtestbuildscript

Would this be something that Qubes-OS developers are interested in me
doing?

Marek Marczykowski-Górecki

Jul 20, 2017, 9:07:32 PM
to Alex Floyd, qubes...@googlegroups.com

On Thu, Jul 20, 2017 at 12:58:05PM -0700, Alex Floyd wrote:
> Hey all,
>
> I noticed that "support" for OVMF in the xen-4.8 branch of the
> 'xen.spec' in the qubes-xen-vmm repo has been added. I also see that
> it is an optional feature for Qubes in issue #2849 "Stubdomain related
> bugs/todos". The current support progress to me looks like it is just
> combining the OS system package's OVMF images from
> /usr/share/edk2/ovmf/OVMF_*.fd to have a binary for Xen to use.
>
> As far as I can tell, Marek was thinking about using the OVMF port to
> Xen that Anthony Perard wrote/is working on to use over the system
> package OVMF binaries.
>
> I would like to help with getting OVMF implemented into Qubes using
> the guidelines from the OVMF port. I have a system build script that
> builds OVMF for testing SMM using libvirt and KVM on Fedora 25 and 26.
> I can modify this script to build the OVMF binaries for Xen, and then
> fine tune the OVMF for Qubes with some feedback & testing.
>
> The SMM script is located at:
> https://github.com/gencymex/smmtestbuildscript
>
> Would this be something that Qubes-OS developers are interested in me
> doing?

Generally that would be very useful! It is something that we want to have
at some point. The idea is to use OVMF to start a PVHv2 VM using a
kernel from within its disk image (compared to a file in dom0 in the classic
approach).

But there are still a few missing parts to test it properly:
- libvirt support for PVHv2 (should be very simple, but still...)
- new enough kernel in the VM (>=4.11), with PVHv2 support enabled
(CONFIG_XEN_PVH)
- ESP inside VM image should have that kernel included

Most of it is easy to work around for testing, but for OVMF to be really
usable there is some more work to do.

Anyway, help in this area will be greatly appreciated!

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
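
A guest-side check for two of the prerequisites listed in the reply above (kernel >= 4.11 and CONFIG_XEN_PVH), as an added example that is not part of the original thread or of Qubes code. The function names and the .config excerpts are constructed for illustration; the libvirt and ESP items are not covered.

```shell
#!/bin/sh
# Added example, not Qubes code. Names and sample data are constructed.

# kernel_at_least RELEASE MAJOR MINOR
# Succeeds when RELEASE (e.g. "4.11.10-300.fc26.x86_64") is >= MAJOR.MINOR.
# Returns 1 when older, 2 when RELEASE cannot be parsed.
kernel_at_least() {
    rel=${1%%-*}                          # strip distro suffix -> 4.11.10
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -gt "$2" ] && return 0
    [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]
}

# pvh_guest_check RELEASE   (guest kernel .config on stdin)
# Prints one verdict; returns 0 only when both guest-side conditions hold.
pvh_guest_check() {
    config=$(cat)                         # read the whole config up front
    rc=0
    kernel_at_least "$1" 4 11 || rc=$?
    case $rc in
        0) ;;
        1) echo "kernel-too-old"; return 1 ;;
        *) echo "kernel-unparsable"; return 1 ;;
    esac
    # Anchored match: CONFIG_XEN_PVHVM=y must not satisfy the check.
    if ! printf '%s\n' "$config" | grep -q '^CONFIG_XEN_PVH=y$'; then
        echo "CONFIG_XEN_PVH-not-enabled"; return 1
    fi
    echo "ok"
}

# Constructed .config excerpts, not taken from a real build.
sample_config_pvh() {
    printf '%s\n' 'CONFIG_XEN=y' 'CONFIG_XEN_PVHVM=y' 'CONFIG_XEN_PVH=y'
}
sample_config_nopvh() {
    printf '%s\n' 'CONFIG_XEN=y' 'CONFIG_XEN_PVHVM=y' '# CONFIG_XEN_PVH is not set'
}

sample_config_pvh   | pvh_guest_check 4.11.10-300.fc26.x86_64 || true
sample_config_nopvh | pvh_guest_check 4.11.10-300.fc26.x86_64 || true
sample_config_pvh   | pvh_guest_check 4.9.0-1.example || true
```

Inside a real guest the same function can be fed the running kernel's release string and its config file in place of the constructed samples.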

Alex Floyd

Jul 20, 2017, 11:37:57 PM
to qubes...@googlegroups.com

Wonderful to hear! I know that it will take a little longer than a
quick tweak to a script to get OVMF working with Qubes, it was more a
general outline of the work that needs to be done for this to happen.
I spent a great deal of time looking through Qubes issues and source
code to explore the task. This info helps a lot. I know where I need
to get started!

https://github.com/tianocore/tianocore.github.io/wiki/Tasks#Optimize_OVMF_for_Xen_HVM_Domains

The above task on the Tianocore EDK2 repo aligns with this task as
well. So we can knock out two birds with one stone, and help more than
just Qubes with this work.

I will start with libvirt support for PVHv2, since that should just be
some tweaks to an existing template to get it to work, just initially.
As with anything dealing with xml templates, it can be a PITA and time
consuming due to checking that each field has the correct data.

I will also start with Fedora 26 as my initial OS for building and
testing, since it has 4.11.10-300.fc26.x86_64 for its kernel. At
least that is what this box runs after updates.

OVMF won't be easy, but most of the very hard work of porting it to Xen
has been done already.

I am happy to help out. Qubes is my absolute favorite OS. One day I
will have a machine new enough to properly run it.

Side note: I would really love to run Qubes-OS on my PS4... the newer
IOMMU and all the virtualization capabilities it has, the better
fusion chipset... I am drooling just thinking about it.




