XPDS14 - Xen in EFI World - Daniel Kiper, Oracle

Upload: the-linux-foundation

Post on 19-May-2015

DESCRIPTION

EFI is a very hot topic now because more and more hardware vendors are shipping new systems with it. The long-term goal is the total removal of legacy BIOS support, which means that Xen should be prepared for that case. Indeed, it is mostly ready. This presentation will show what EFI really is and how Xen and other required pieces use the EFI infrastructure. However, there are still some shortcomings in Xen, and they will be described too. There will also be some guidance on how to efficiently start Xen on an EFI platform. Some guest topics related to EFI will also be covered.

TRANSCRIPT

Copyright © 2014 Oracle and/or its affiliates. All rights reserved.

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Xen in EFI World

Daniel Kiper e-mail: [email protected]

Presentation agenda

• Firmware

• PC BIOS

• EFI

• Xen & EFI

• QEMU & Open Virtual Machine Firmware (OVMF)

• Documentation

• Questions and Answers

Firmware: Definitions

• The combination of software and data that reside on read-only memory (IEEE 100 The Authoritative Dictionary of IEEE Standards Terms, Seventh Edition)

• A program, typically stored in read-only memory, that controls a computer from the time that it is turned on until the time that the primary operating system assumes control of the computer (IEEE 100 The Authoritative Dictionary of IEEE Standards Terms, Seventh Edition)

• There are more definitions, and none of them is precise

• Some of them carry a notice: "The confusion surrounding this term has led some to suggest that it be avoided altogether" (IEEE 100 The Authoritative Dictionary of IEEE Standards Terms, Seventh Edition)

PC Basic Input Output System (BIOS): Properties

• PC BIOS/ROM BIOS was the only proprietary thing in the original IBM PC (but its source code is publicly available, sic!)

• It has many implementations (proprietary and open)

• De facto standard, but with a bunch of deviations

• It initializes hardware after power on and tries to load an operating system

• It hides hardware details and exposes something that is called the Hardware Abstraction Layer (HAL) to a given OS

• Due to its shortcomings, it was later extended by ACPI, SMBIOS and other stuff

PC BIOS: Shortcomings

• Very buggy

• New hardware with advanced features cannot be handled easily (e.g. new large disks or SSDs)

• Slow, especially without the BIOS caching feature

• It runs in real mode only

• Today it is used mainly to initialize hardware after power on and to load an operating system

• New operating systems sometimes use the BIOS to get info about hardware configuration

• New drivers access hardware directly

EFI: History

• Initial development was done under the Intel® Boot Initiative program, which began in 1998

• The new specification was named the Extensible Firmware Interface (EFI) and was targeted at the next generation of IA architecture-based computers

• In 2005 the Unified EFI Forum was established and took over work on EFI

• The specification was renamed the Unified Extensible Firmware Interface (UEFI) and its development was based on Intel's EFI 1.10 Specification

• The original EFI Specification ends with version 1.10

• The latest UEFI 2.4 Specification was released on July 11, 2013

UEFI: Goals

• Coherent, scalable platform environment

• Abstraction of the OS from the firmware

• Reasonable device abstraction free of legacy interfaces

• Abstraction of Option ROMs from the firmware

• Architecturally shareable system partition

• Evolutionary, not revolutionary

• Compatibility by design

• Simplifies addition of OS-neutral platform value-add

• Built on existing investment

• Copyright 2006-2013 Unified EFI, Inc. All Rights Reserved.

UEFI: Conceptual Overview

[Figure: UEFI conceptual overview. Copyright 2006-2013 Unified EFI, Inc. All Rights Reserved.]

UEFI: Booting Sequence

[Figure: UEFI booting sequence. Copyright 2006-2013 Unified EFI, Inc. All Rights Reserved.]

Xen hypervisor: Current state

• EFI support was introduced in Xen 4.2

• Only the EFI loader is fully supported now

• GRUB/GRUB2 multiboot protocol and Xen do not work on an EFI platform

• But GRUB2 with fakebios and chainloader can be used to load xen.efi on an EFI platform (this option has not been tested deeply)

• Daniel Kiper from Oracle works on full GRUB2 support

• Support for Secure Boot with GRUB2 will not be available at first

• GRUB2 requires some changes to support Secure Boot

Dom0 kernels: Current state

• Upstream Linux Kernel will have Xen dom0 EFI support from 3.17-rc1

• Jan Beulich from SUSE, Liang Tang and Daniel Kiper from Oracle prepared the Xen dom0 EFI implementation for x86

• Most of the above-mentioned code is independent of architecture, so it can easily be used on the ARM architecture (and others if needed)

EFI support in guests: Current state

• Open Virtual Machine Firmware (OVMF) was added to the Xen source some time ago

• Wei Liu from Citrix added code which passes memory information from hvmloader to OVMF and fixed some memory layout issues in OVMF

• Anthony Perard from Citrix works on getting the PV driver to work in OVMF guests

• OVMF support is now being tested in OSSTest

• OVMF support is considered experimental in Xen 4.4

Xen hypervisor: multiboot2 protocol support development

• The multiboot (v1) protocol has been supported since its beginning

• It does not have any knowledge about EFI stuff (e.g. EFI tables)

• This protocol is very rigid, i.e. we are not able to easily pass any extra information for which there is no room in the multiboot info structure

• It means that we are not able to pass EFI data to Xen (e.g. memory layout with EFI attributes)

• The multiboot2 protocol is a solution to that problem

• It uses a list of arguments which can be easily extended but…

• There is limited support for EFI stuff (e.g. ACPI RSDP, EFI tables, EFI memory map)
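
The extensible list of arguments mentioned above is a sequence of (type, size) tags, which a consumer can walk like this. This is an added example, not code from the talk, Xen or GRUB2: tag numbers and layouts follow the Multiboot2 specification, the struct and function names are hypothetical, the sample buffer is constructed, and a little-endian host is assumed. Every size read from the buffer is bounds-checked before use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Tag types from the Multiboot2 specification (boot information tags). */
enum { MB2_END = 0, MB2_EFI64 = 12, MB2_ACPI_OLD = 14, MB2_ACPI_NEW = 15, MB2_EFI_MMAP = 17 };
struct mb2_efi {                   /* hypothetical result type for this example */
    uint64_t systab;               /* EFI system table address, 0 if absent */
    const uint8_t *rsdp, *mmap;    /* point into the buffer, NULL if absent */
    uint32_t mmap_len, desc_size;  /* EFI memory map bytes, descriptor size */
};
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint64_t rd64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }

/* Walk the tag list: 0 once the end tag is reached, -1 on any malformed size. */
int mb2_parse(const uint8_t *mbi, size_t len, struct mb2_efi *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 16 || rd32(mbi) < 16 || rd32(mbi) > len) return -1;
    size_t total = rd32(mbi), off = 8;          /* skip total_size + reserved */
    while (off <= total && total - off >= 8) {
        uint32_t type = rd32(mbi + off), size = rd32(mbi + off + 4);
        if (size < 8 || size > total - off) return -1;
        const uint8_t *body = mbi + off + 8;
        uint32_t blen = size - 8;
        if (type == MB2_END) return 0;
        if (type == MB2_EFI64 && blen >= 8) out->systab = rd64(body);
        if (blen >= 20 && (type == MB2_ACPI_NEW || (type == MB2_ACPI_OLD && !out->rsdp)))
            out->rsdp = body;                   /* prefer the ACPI 2.0+ RSDP copy */
        if (type == MB2_EFI_MMAP && blen >= 8) {  /* descr_size, descr_vers, map */
            out->desc_size = rd32(body);
            out->mmap = body + 8;
            out->mmap_len = blen - 8;
        }
        off += ((size_t)size + 7) & ~(size_t)7;  /* tags are padded to 8 bytes */
    }
    return -1;                                  /* ran off the end: no end tag */
}

/* Constructed sample (made-up values): cmdline "xen", EFI64 tag, end tag. */
static const uint32_t mb2_sample[] = { 48, 0,  1, 12, 0x006e6578, 0,
                                       MB2_EFI64, 16, 0x7f5e0018, 0,  MB2_END, 8 };

int main(void)
{
    struct mb2_efi e;
    int rc = mb2_parse((const uint8_t *)mb2_sample, sizeof(mb2_sample), &e);
    printf("rc=%d systab=%#llx\n", rc, (unsigned long long)e.systab);
    return rc;
}
```

Unknown tag types (the command-line tag in the sample) are skipped by size, which is what lets the protocol grow without breaking older consumers.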

Xen hypervisor: multiboot2 protocol support development

• GRUB2 calls ExitBootServices()

• The multiboot2 protocol requires x86 32-bit mode, but Xen EFI is a 64-bit mode application

• How to solve the above-mentioned issues?

Xen hypervisor: multiboot2 protocol support development

• Disable the ExitBootServices() call with a special tag (done)

• Leave the processor in native EFI mode (in this case 64-bit mode)

• Use Boot Services from Xen code to explore platform details (memory map, ACPI, SMBIOS, EDD, and graphic card mode)

• Call ExitBootServices() from Xen code

• Execute Xen code as usual

• What code changes are needed?

Xen hypervisor: multiboot2 protocol support development

• We introduce a third boot protocol to Xen (currently we have multiboot - v1 - and EFI loader support), so we should…

• Remove the strong dependency on the multiboot (v1) protocol and introduce a Xen boot info structure which will be used to pass all boot arguments from any boot protocol to __start_xen() (done; needs to be posted)

• Add EFI support to the Xen ELF executable (almost done)

• Wrap the Xen ELF executable into a PE header; needed for Secure Boot support (needs to be done)

• Maybe we should consider compressing the Xen ELF before packing it into PE; however, it requires more work

• Xen ELF before/after compression: ~2 MiB/~900 KiB

• Debian experimental /boot/vmlinuz-3.16-rc6-amd64: ~3 MiB

Dom0 kernels: How it works

• EFI stuff is fully owned and controlled by the Xen hypervisor

• dom0 needs some access to EFI Runtime Services

• Hence, all calls from dom0 to EFI must be requested via a special hypercall, which in turn executes the relevant EFI code on behalf of dom0

Dom0 kernels: How it works

• When the dom0 kernel boots, it checks for EFI availability on the machine

• If it is detected, then an artificial EFI system table is filled

• Native EFI calls are replaced by functions which mimic them by calling the relevant hypercall

• A pointer to the EFI system table is passed to the standard EFI machinery, and it continues EFI subsystem initialization taking into account that there is no direct access to EFI boot services, runtime, tables, structures, etc.

• System runs as usual
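
A simplified model of the mechanism described on the two "Dom0 kernels: How it works" slides: an artificial system table whose runtime-service pointer leads to a wrapper that issues a hypercall, so firmware is entered only on the hypervisor side. This is an added example, not code from the talk, Xen or Linux; all type, function and constant names are hypothetical, the hypercall is modelled as a plain function call, the firmware answer is constructed, and the dom0-only check is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint16_t year; uint8_t month, day, hour, minute; } efi_time_t;
typedef int (*get_time_fn)(efi_time_t *);

/* Simplified stand-ins: the real tables hold many more services. */
struct efi_runtime { get_time_fn get_time; };
struct efi_systab  { struct efi_runtime *runtime; };

/* ---- hypervisor side (model): the only code that touches firmware ---- */
enum { EFI_OP_GET_TIME = 1 };                 /* hypothetical function id */
struct efi_op { uint32_t function; efi_time_t time; };
int firmware_calls;                           /* counts real firmware entries */

static int firmware_get_time(efi_time_t *t)   /* constructed firmware answer */
{
    firmware_calls++;
    *t = (efi_time_t){ 2014, 8, 18, 10, 30 };
    return 0;
}

int hypercall_efi(int domid, struct efi_op *op)
{
    if (domid != 0) return -1;                /* assumption: dom0 only */
    if (op->function == EFI_OP_GET_TIME) return firmware_get_time(&op->time);
    return -2;                                /* unknown function id */
}

/* ---- dom0 side: wrapper with the same signature as the native call ---- */
static int xen_get_time(efi_time_t *t)
{
    struct efi_op op = { .function = EFI_OP_GET_TIME };
    int rc = hypercall_efi(0, &op);
    if (rc == 0) *t = op.time;
    return rc;
}

static struct efi_runtime xen_runtime = { .get_time = xen_get_time };
struct efi_systab xen_systab = { .runtime = &xen_runtime };  /* artificial table */

int main(void)
{
    efi_time_t t;                   /* generic EFI code sees only the table */
    int rc = xen_systab.runtime->get_time(&t);
    printf("rc=%d %u-%02u-%02u\n", rc, t.year, t.month, t.day);
    return rc;
}
```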

How to run Xen on EFI platform: EFI loader case

• Build the xen.efi binary (howto: xen/docs/misc/efi.markdown)

• Create the xen.cfg file on the EFI System partition:

    [global]
    default=xen-serial

    [xen-serial]
    options=com1=115200,8n1 dom0_mem=1g,max:1g console=com1,vga
    kernel=vmlinuz.efi root=/dev/sda1 ro console=tty1 console=hvc0
    ramdisk=initrd.gz

• The xen.efi, xen.cfg, kernel and ramdisk files should live on the EFI System partition

• Execute the xen.efi binary from the EFI loader

Open Virtual Machine Firmware (OVMF): UEFI within Virtual Machines

• OVMF is a project to enable support for UEFI within Virtual Machines. It is built upon the EDK II code base. (http://tianocore.sourceforge.net/)

• OVMF-X64-r15214.zip and OVMF-IA32-r15214.zip files with OVMF binaries for QEMU are available at the TianoCore site

• Some companies/individuals (e.g. SUSE) publish their own OVMF releases

• You can also build your own OVMF binaries

• Relevant instructions are available at the TianoCore site and http://wiki.ubuntu.com/UEFI/EDK2 or http://www.linux-kvm.org/page/OVMF

• But this process is quite complicated

QEMU: How to play with EFI without soldering equipment

• QEMU is a generic and open source machine emulator and virtualizer (http://wiki.qemu.org/Main_Page)

• Good for some arch testing and virtualization (as it is) but also excellent for debugging

• # qemu … -pflash <path_to_OVMF.fd> …

• # qemu … -bios <path_to_OVMF.fd> …

• # qemu … -L <dir_with_your_ovmf_payload> …

• <dir_with_your_ovmf_payload> should contain at least bios.bin and the keymaps directory, but some versions also require kvmvapic.bin, pxe-e1000.rom and vgabios-cirrus.bin

Documentation

• http://www.classiccomputers.info/manuals.html

• http://www.intel.com/

• http://www.uefi.org/

• http://www.xenproject.org/

• http://wiki.qemu.org/Main_Page

• http://tianocore.sourceforge.net/

• http://wiki.ubuntu.com/UEFI/EDK2

• http://www.linux-kvm.org/page/OVMF

• http://www.kraxel.org/repos/

• git://git.code.sf.net/p/tianocore/edk2

• Panda is Xen Project mascot

• EPROM pictures were taken by Richard Wheeler (http://www.richardwheeler.net/)

Questions and Answers

Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
