From nobody Tue Feb 10 02:28:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+55152+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+55152+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1583134199; cv=none; d=zohomail.com; s=zohoarc; b=aJLf64jGZeH+q50dVYYGVTrFbY8uJwo5ZqrmiW2JyJNOK4fJK9N0SUc9gkm8NIdZnXeOo52eY+Hp4r+ayWZp63w0pZmPK7Y41AROEnRmDR84bL/qexI+Lxzx9+3nb75eJu+3U0ECnapHhjTuPh5hJCExXE7L7DjUg6NbuzfhOdQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1583134199; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To; bh=kKYAw813G2SPXFa3qTEGM6qghbVETjMiD7bgMpCsN8A=; b=FeYqVkYwwM8V91mbnejEJYRjXUEySbhm474ApEvyZW0e2ZSWBICWDYVcmi04YFSwGDPSen5uVVM58YT7NveSVYyuGgHJ+Imqr8XmScySRvsEHUYk2SgnpkP/UW1kixm27AvJc1v95l19e0Q3RfOiPow2Y6pjrWEAdRtcwKYh7TQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+55152+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1583134199641719.828400606861; Sun, 1 Mar 2020 23:29:59 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id W7QQYY1788612xWStprNnh8l; Sun, 01 Mar 2020 23:29:58 -0800 X-Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.web12.10946.1583134197792851718 for ; Sun, 01 Mar 2020 23:29:58 -0800 X-Received: by mail-wm1-f65.google.com with SMTP id 6so1382820wmi.5 for ; Sun, 01 Mar 2020 23:29:57 -0800 (PST) X-Gm-Message-State: m7t3Lw2qyTsBWtM6P5DKh8oNx1787277AA= X-Google-Smtp-Source: APXvYqwPAquq3xOBqjJJHubST5N165ldzyObbr5U8OnW8M8PZaO1PpuHNEvscJQRuub5kPCzPfyuiA== X-Received: by 2002:a7b:c257:: with SMTP id b23mr17864673wmj.70.1583134196058; Sun, 01 Mar 2020 23:29:56 -0800 (PST) X-Received: from e123331-lin.home ([2a01:cb1d:112:6f00:816e:ff0d:fb69:f613]) by smtp.gmail.com with ESMTPSA id z131sm6347153wmg.25.2020.03.01.23.29.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Mar 2020 23:29:55 -0800 (PST) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: lersek@redhat.com, Ard Biesheuvel Subject: [edk2-devel] [PATCH 13/13] OvmfPkg: use generic QEMU image loader for secure boot enabled builds Date: Mon, 2 Mar 2020 08:29:36 +0100 Message-Id: <20200302072936.29221-14-ard.biesheuvel@linaro.org> In-Reply-To: <20200302072936.29221-1-ard.biesheuvel@linaro.org> References: <20200302072936.29221-1-ard.biesheuvel@linaro.org> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ard.biesheuvel@linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1583134198; bh=xkRwV4ec0E0WzK/S8On4nZD2oNB3KEv6A6C6TbK2CEM=; h=Cc:Date:From:Reply-To:Subject:To; b=NuLr3HAirVcuAfkQKgYw7sdQ8jz5L14JdFHPqD5YgGoHOldRiqAx6AzhblUQ4F3CF53 hy7Gwjn+KnGjQ2gpFZ8fRE/zc5yjJc9g7n5FQSKNS4zzj7pSPrxpLWg9UESfCCRAnGW7q 4fgoX7njEOdzUcEdW1V4WAiuqf/wN7da8uQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The QemuLoadImageLib implementation we currently use for all OVMF builds copies the behavior of the QEMU loader code that precedes it, which is to disregard UEFI secure boot policies entirely when it comes to loading kernel images that have been specified on the QEMU command line. This behavior deviates from ArmVirtQemu based builds, which do take UEFI secure boot policies into account, and refuse to load images from the command line that cannot be authenticated. The disparity was originally due to the fact that the QEMU command line kernel loader did not use LoadImage and StartImage at all, but this changed recently, and now, there are only a couple of reasons left to stick with the legacy loader: - it permits loading images that lack a valid PE/COFF header, - it permits loading X64 kernels on IA32 firmware running on a X64 capable system. Since every non-authentic PE/COFF image can trivially be converted into an image that lacks a valid PE/COFF header, the former case can simply not be supported in a UEFI secure boot context. The latter case is highly theoretical, given that one could easily switch to native X64 firmware in a VM scenario. That leaves us with little justification to use the legacy loader at all when UEFI secure boot policies are in effect, so let's switch to the generic loader for UEFI secure boot enabled builds. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2566 Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek --- OvmfPkg/OvmfPkgIa32.dsc | 4 ++++ OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++ OvmfPkg/OvmfPkgX64.dsc | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 2cc924a6986a..eceddb71948f 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -361,7 +361,11 @@ [LibraryClasses.common.DXE_DRIVER] PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad= ImageLib.inf +!else QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf +!endif !if $(TPM2_ENABLE) =3D=3D TRUE Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 21d1f156973b..8bdf2e692b00 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -365,7 +365,11 @@ [LibraryClasses.common.DXE_DRIVER] PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad= ImageLib.inf +!else QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf +!endif !if $(TPM2_ENABLE) =3D=3D TRUE Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f3d0f18db7e2..bc0a3e438d2a 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -365,7 +365,11 @@ [LibraryClasses.common.DXE_DRIVER] PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad= ImageLib.inf +!else QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf +!endif !if $(TPM2_ENABLE) =3D=3D TRUE Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf !endif --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#55152): https://edk2.groups.io/g/devel/message/55152 Mute This Topic: https://groups.io/mt/71669027/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-