[Fedora-xen] Xen, Fedora, and UEFI Secure Boot

Pasi Kärkkäinen pasik at iki.fi
Wed Jul 11 14:47:59 UTC 2012


On Wed, Jul 11, 2012 at 02:29:35PM +0100, Dario Faggioli wrote:
> On Thu, 2012-07-05 at 11:04 -0400, Konrad Rzeszutek Wilk wrote: 
> > > Ok, so, should we be concerned? Is there something we can/should do
> > > about that? How do you think we can help in having xen being considered?
> > 
> > First the Linux kernel running under EFI has to actually boot (with Xen
> > hypervisor).  It doesn't do that yet and the upstream kernel would
> > need patches for that.
> > 
> Yes, I can imagine there are technical challenges and open issues, but
> (although, of course, I might be wrong), that is not what scares me
> most... I really think there are good enough "brains" working on
> them! :-)
> 
> What I wanted to know here is whether or not there already are plans to
> include the xen binaries in that signing game, so that Fedora users can
> still `yum install xen -- reboot --start playing' as it is happening
> now, and, more important, if that is not the case what we can do to help
> this. 
> 
> Is the fact that Fedora release guidelines include Xen  _guest_ support
> but not full _host_ functionalities going to be an issue if/when we
> decide to try influencing this
> http://fedoraproject.org/wiki/Features/SecureBoot ?
> 

I think the guideline including only Xen _guest_ support is from the time
when dom0 support really wasn't usable in upstream Linux kernel.

Now dom0 is obviously supported in upstream Linux, so we should get 
dom0 support to the guidelines aswell.

-- Pasi



More information about the xen mailing list