Currently Intel CPUs in EFI mode with the "Execute Disable Bit" disabled and the 'CONFIG_REQUIRE_NX=y' fail to boot, because this check is performed before trampoline_setup is called, which determines if NX is supported or if it's hidden by 'MSR_IA32_MISC_ENABLE[34] = 1' (if so, re-enables NX).
Signed-off-by: Julian Vetter <[email protected]> --- xen/arch/x86/efi/efi-boot.h | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 0194720003..8dfd549f12 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -748,18 +748,6 @@ static void __init efi_arch_cpu(void) if ( (eax >> 16) == 0x8000 && eax > 0x80000000U ) { caps[FEATURESET_e1d] = cpuid_edx(0x80000001U); - - /* - * This check purposefully doesn't use cpu_has_nx because - * cpu_has_nx bypasses the boot_cpu_data read if Xen was compiled - * with CONFIG_REQUIRE_NX - */ - if ( IS_ENABLED(CONFIG_REQUIRE_NX) && - !boot_cpu_has(X86_FEATURE_NX) ) - blexit(L"This build of Xen requires NX support"); - - if ( cpu_has_nx ) - trampoline_efer |= EFER_NXE; } } -- 2.51.0 -- Julian Vetter | Vates Hypervisor & Kernel Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech
