Installation in a Xen guest (pvgrub)

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Installation in a Xen guest (pvgrub)

Markus Kolb
Hi,

is there a possibility to install/boot OpenBSD in a Xen guest which is
booted by pvgrub1 or pvgrub2? The pvgrub is configured to use a
/boot/grub/grub.cfg of the guest in the 1st partition.

In a non-Xen-grub there is a bsd-module which can boot the installer
bsd.rd, but this bsd-module is not available in the xenhost-builds of
grub.
There is also no chain-module for chainloader configs.

Any ideas?

Thanks
Markus

Reply | Threaded
Open this post in threaded view
|

Re: Installation in a Xen guest (pvgrub)

Demi M. Obenour
On 2020-07-09 05:06, Markus Kolb wrote:

> Hi,
>
> is there a possibility to install/boot OpenBSD in a Xen guest which is booted by pvgrub1 or pvgrub2? The pvgrub is configured to use a /boot/grub/grub.cfg of the guest in the 1st partition.
>
> In a non-Xen-grub there is a bsd-module which can boot the installer bsd.rd, but this bsd-module is not available in the xenhost-builds of grub.
> There is also no chain-module for chainloader configs.
>
> Any ideas?
>
> Thanks
> Markus

For me, OpenBSD boots fine in HVM mode (with an I/O emulator).
I have not tried PVH mode and would not expect it to work.  PV mode
definitely won’t work, and should be avoided anyway for both security
and performance reasons.

Is HVM mode okay, or do you need PVH?

Sincerely,

Demi

Reply | Threaded
Open this post in threaded view
|

Re: Installation in a Xen guest (pvgrub)

Markus Kolb
Am 10.07.2020 23:30, schrieb Demi M. Obenour:

[...]

> For me, OpenBSD boots fine in HVM mode (with an I/O emulator).
> I have not tried PVH mode and would not expect it to work.  PV mode
> definitely won’t work, and should be avoided anyway for both security
> and performance reasons.
>
> Is HVM mode okay, or do you need PVH?

I'd like to install and boot it in a remote service provider
environment.
There I have only Linux systems available to install and a Linux rescue
system to switch over.
The installation is not the problem. I could also use a disk image.
For boot I can only rely on a bunch of provided Linux kernels or the
pvgrub stuff to boot from the disks.
So the only chance to get it running would be the way with the
"Xen-grub" I think, if there is no possibility that Linux has learned to
boot (not virtual) BSD ;-)

Would there be a chance to hack on the Linux-bootcode to boot the
BSD-kernel? Makes it sense to look into how this boot works or doesn't
it make sense at all?!

Reply | Threaded
Open this post in threaded view
|

Re: Installation in a Xen guest (pvgrub)

Pierre-Philipp Braun
Hey,

> For boot I can only rely on a bunch of provided Linux kernels or the
> pvgrub stuff to boot from the disks.

There is no possibility to run HVM / PVHVM guests over there?

PVGRUB will only boot PV guests, not even PVH.  To run a PVH guest, the only method available today is Direct Kernel Boot *1.  And I don't think OpenBSD supports PVH just yet anyhow.  Besides, I've read somewhere you might need some exotic cpu flags to run a PVH domain, such as `ept`, not just `vmx`.

> Would there be a chance to hack on the Linux-bootcode to boot the
> BSD-kernel? Makes it sense to look into how this boot works or doesn't
> it make sense at all?!

GRUB2 should be able to boot an OpenBSD kernel natively *2.  Thing is, PVGRUB works for PV, not PVH nor PVHVM.  However you might get NetBSD XEN/PV up and running at your XEN ISP *3, by leveraging PVGRUB indeed *3.  And in case UFS is not built-into their PVGRUB binary (that would be weird, as one usually builds pvgrub with all possible modules within), you would still be able to boot it on EXT2 with poor disk performance *4.

*1 http://xenbits.xen.org/docs/unstable/man/xl.cfg.5.html#Direct-Kernel-Boot
*2 https://www.gnu.org/software/grub/manual/grub/html_node/Supported-kernels.html
*3 https://pub.nethence.com/booting/grub
*4 https://pub.nethence.com/bsd/malabar

--
Pierre-Philipp

Reply | Threaded
Open this post in threaded view
|

Re: Installation in a Xen guest (pvgrub)

Markus Kolb
Am 21.07.2020 15:51, schrieb Pierre-Philipp Braun:

[...]

> GRUB2 should be able to boot an OpenBSD kernel natively *2.  Thing is,
> PVGRUB works for PV, not PVH nor PVHVM.  However you might get NetBSD
> XEN/PV up and running at your XEN ISP *3, by leveraging PVGRUB indeed
> *3.  And in case UFS is not built-into their PVGRUB binary (that would
> be weird, as one usually builds pvgrub with all possible modules
> within), you would still be able to boot it on EXT2 with poor disk
> performance *4.
>
> *1
> http://xenbits.xen.org/docs/unstable/man/xl.cfg.5.html#Direct-Kernel-Boot
> *2
> https://www.gnu.org/software/grub/manual/grub/html_node/Supported-kernels.html
> *3 https://pub.nethence.com/booting/grub
> *4 https://pub.nethence.com/bsd/malabar

The filesystem modules are available in the pvgrub. But no modules for
booting openbsd or netbsd. So "kopenbsd" or "knetbsd" or "multiboot" is
not available. Only "linux".
Grub does not support this modules for the xen builds (pvgrub). I've
checked it in the sources. There is only code for BSD for the hardware
build targets of grub and not the xen targets.

Reply | Threaded
Open this post in threaded view
|

Re: Installation in a Xen guest (pvgrub)

Theo de Raadt-2
Markus Kolb <[hidden email]> wrote:

> Am 21.07.2020 15:51, schrieb Pierre-Philipp Braun:
>
> [...]
> > GRUB2 should be able to boot an OpenBSD kernel natively *2.  Thing is,
> > PVGRUB works for PV, not PVH nor PVHVM.  However you might get NetBSD
> > XEN/PV up and running at your XEN ISP *3, by leveraging PVGRUB indeed
> > *3.  And in case UFS is not built-into their PVGRUB binary (that would
> > be weird, as one usually builds pvgrub with all possible modules
> > within), you would still be able to boot it on EXT2 with poor disk
> > performance *4.
> >
> > *1
> > http://xenbits.xen.org/docs/unstable/man/xl.cfg.5.html#Direct-Kernel-Boot
> > *2
> > https://www.gnu.org/software/grub/manual/grub/html_node/Supported-kernels.html
> > *3 https://pub.nethence.com/booting/grub
> > *4 https://pub.nethence.com/bsd/malabar
>
> The filesystem modules are available in the pvgrub. But no modules for
> booting openbsd or netbsd. So "kopenbsd" or "knetbsd" or "multiboot"
> is not available. Only "linux".
> Grub does not support this modules for the xen builds (pvgrub). I've
> checked it in the sources. There is only code for BSD for the hardware
> build targets of grub and not the xen targets.

non-OpenBSD bootloaders will do a shitty job of booting OpenBSD.
I'm not going to bother explaining the situation in detail.  People
who try to go that way have already decided they don't care about the
consequences.

Reply | Threaded
Open this post in threaded view
|

Re: Installation in a Xen guest (pvgrub)

Markus Kolb
Am 24.07.2020 17:30, schrieb Theo de Raadt:
[...]
> non-OpenBSD bootloaders will do a shitty job of booting OpenBSD.
> I'm not going to bother explaining the situation in detail.  People
> who try to go that way have already decided they don't care about the
> consequences.

Ok. Thanks.

Are you talking about biosboot or 2nd stage boot?

But would it be in theory possible to program a
(1) specialized "bootloader" which is bootable by linux-cmd of grub
and
(2) this specialized "bootloader" continues with the BSD boot code? At
the moment I'm thinking of 2nd stage boot.
So going from grub 2nd stage via fake-linux-kernel to 2nd stage OpenBSD
boot...

Part 1 should be doable.
But what is about part 2? Would it be possible or are there technical
system restrictions making it impossible e.g. like CPU operating modes
or restrictions to access the BIOS?
And so any further thinking and investigation in this way is waste of
time...

Reply | Threaded
Open this post in threaded view
|

Re: Installation in a Xen guest (pvgrub)

Theo de Raadt-2
Markus Kolb <[hidden email]> wrote:

> Am 24.07.2020 17:30, schrieb Theo de Raadt:
> [...]
> > non-OpenBSD bootloaders will do a shitty job of booting OpenBSD.
> > I'm not going to bother explaining the situation in detail.  People
> > who try to go that way have already decided they don't care about the
> > consequences.
>
> Ok. Thanks.
>
> Are you talking about biosboot or 2nd stage boot?

2nd.

> But would it be in theory possible to program a
> (1) specialized "bootloader" which is bootable by linux-cmd of grub
> and
> (2) this specialized "bootloader" continues with the BSD boot code? At
> the moment I'm thinking of 2nd stage boot.
> So going from grub 2nd stage via fake-linux-kernel to 2nd stage
> OpenBSD boot...

But that method already exists.  Boot our MBR/PBR, which loads our boot.

And our boot does special stuff.

But people keep wanting to not use our PBR.  Well, then they get to
face the music, that Grub doesn't do stuff we need.

> Part 1 should be doable.
> But what is about part 2? Would it be possible or are there technical
> system restrictions making it impossible e.g. like CPU operating modes
> or restrictions to access the BIOS?
> And so any further thinking and investigation in this way is waste of
> time...

We publish the source.  Is that not enough?


Reply | Threaded
Open this post in threaded view
|

Re: Installation in a Xen guest (pvgrub)

Demi M. Obenour
In reply to this post by Markus Kolb
On 2020-07-24 14:36, Markus Kolb wrote:

> Am 24.07.2020 17:30, schrieb Theo de Raadt:
> [...]
>> non-OpenBSD bootloaders will do a shitty job of booting OpenBSD.
>> I'm not going to bother explaining the situation in detail.  People
>> who try to go that way have already decided they don't care about the
>> consequences.
>
> Ok. Thanks.
>
> Are you talking about biosboot or 2nd stage boot?
>
> But would it be in theory possible to program a
> (1) specialized "bootloader" which is bootable by linux-cmd of grub
> and
> (2) this specialized "bootloader" continues with the BSD boot code? At the moment I'm thinking of 2nd stage boot.
> So going from grub 2nd stage via fake-linux-kernel to 2nd stage OpenBSD boot...
>
> Part 1 should be doable.
> But what is about part 2? Would it be possible or are there technical system restrictions making it impossible e.g. like CPU operating modes or restrictions to access the BIOS?
> And so any further thinking and investigation in this way is waste of time...
I highly doubt OpenBSD will work in PVH mode without both kernel
and bootloader changes.  This isn’t specific to OpenBSD, btw.
Windows has the same restriction.  The primary reason is that PVH mode
doesn’t expose any emulated hard drives.  Unless boot(8) has support
for Xen PV block devices, this will prevent it from loading the kernel.

Is there some reason you cannot use HVM?  OpenBSD on Xen works well
in HVM mode.  OpenBSD lacks PV console support, so you will need to
rely on emulated serial and/or VGA, but you do get PV netfront and
blockfront drivers.  That said, don’t expect tight integration with
the host system.  There are no userspace APIs for Xen hypercalls, for
instance, so vchans won’t work.  On the other hand, if you don’t
need any advanced Xen-specific features, OpenBSD will work fine.
PCI passthrough works too.  XenStore can be accessed via hostctl(8).

Are you trying to make OpenBSD work on QubesOS?  If so, I have
an OpenBSD TemplateVM that works somewhat well, although qrexec
and qubesd don’t work due to the aforementioned lack of vchans.
If not, would you mind going into detail about your host configuration?
I suspect that the closer the virtual environment is to bare hardware,
the better OpenBSD will behave.  The host will also need to provide
a DHCP server if you want network autoconfiguration to work.

Sincerely,

Demi



signature.asc (849 bytes) Download Attachment