09:55 <hannes> FWIW MirageOS 3.9 is released https://discuss.ocaml.org/t/ann-mirageos-3-9-0-released/6668 featuring Xen + PVH support \o/

09:57 <h01ger> yay!

09:58 <Armael> congrats :)

19:22 <gozu> mato: trying out mirage-pvh, and it ... just works. much appreciated.

19:24 <gozu> mato: trying to boot it through grub2 failes with grub (rightly) pointing out there is no multiboot header (aka elfnote of the right type). briefly pingponged with marmarek about it, basicly seeing two options.

19:25 <gozu> mato: a) add support for the "plain xen elf" to grub, or b) adding a grub-multiboot header to the binary.

19:26 <gozu> mato: for reasons of "i had to look inside grub before and lockdown2 is straining my liver too much already" i am trending to (b) ... for which your input would be appreciated since i dont know a whole lot about the ocaml/mirage build sys and my guess is "some linker poking required".

19:52 <mato> gozu: why do you want to boot with grub2 in the first place?

19:53 <mato> gozu: i don't understand the use-case, since the direct elf boot works fine...?

20:26 <gozu> mato: for qubes, it is a question of how the kernel is delivered. straight booting the kernel means it needs to be installed into dom0 in some way, which is ... less desirable from a security point of view compared to the alternative: installing it as a template-vm.

20:26 <gozu> mato: for the "as a template" way, the template rootfs basicly just contains the grub.cfg and mirage (or other) kernel, and dom0 just starts grub and points it at the rootfs.

20:27 <gozu> mato: this has worked reasonably well for the last year or so using virtmode pv.

20:29 <gozu> (oh, closer to two years ny now. though whether 2020 counts is up to debate)

20:31 <gozu> the "template" way is required for other targets (like "someone makes a freebsd teplate") anyways, the nice thing about this working for mirage too is that it would allow having just "one" solution for "installing vms from untrusted sources" instead of two very different ones.

20:47 <mato> gozu: mmm... can you email me with a long-form of what you actually want, and cc marmarek or relevant folks? irc is too transient for this.

20:47 <mato> gozu: firstname@lastname.net

20:49 <gozu> mato: hm, would rather have it somewhere "more open", and by that i dont mean crossposting to several MLs. github issue ok with you?

20:50 <mato> gozu: that's also fine, yes

20:51 <gozu> mato: ok, will see to that tomorrow. thanks for the replies!

20:51 <mato> gozu: you're welcome. i probably won't respond until next week in detail, taking some days off now.

20:54 <gozu> mato: not in a hurry about that at all, was just looking at templated-mirage-pvh today because this was the first time i got mirage-pvh working at all. (and fiddling with the boot path is so much easier when you know the kernel works...)