From nobody Mon May  6 17:04:40 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12
 as permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+61301+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+61301+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1592232326; cv=none;
	d=zohomail.com; s=zohoarc;
	b=OCEK33DkcpiO/W7WPk3PqFtH7QDz2nj/y8NR2TzFTfI0C4pIH3XOj1Q+TSgw8zbPbJGJhZgVEqOHZTbWru6M8VGhYHzJTzrtKBJvooXtZN154jYhIMSQPJ/KRzsjjpJ6jObblmYRPvxsa1ZHMh+41Ao13j1vWTjoggYsDT6J9n8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1592232326;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To;
	bh=qXGk6rKdKIPUWzbCVasnG6B33Qmm3HGlJMpR35FvbLQ=;
	b=Ef2SdLpZC1PAw5vXNPR/nEhQiu1VNOhdcg1B5sNvKXPiWAmvawxmMWP8AwHLkr9eQAGFcTnMm/EwS0rqcZCq2zOAe4tA7TVIOGcPBzHb2syVIR4GpPTZCckxSYC99c3Q0uW2szKy3Re1QMHtolnCjAgP8anCb8CpsL9QDWSV/qw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+61301+1787277+3901457@groups.io;
	dmarc=fail header.from=<lersek@redhat.com> (p=none dis=none)
 header.from=<lersek@redhat.com>
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 1592232326172850.532668402934;
 Mon, 15 Jun 2020 07:45:26 -0700 (PDT)
Return-Path: <bounce+27952+61301+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 2aLYYY1788612xrAkAQ5lDIN;
 Mon, 15 Jun 2020 07:45:25 -0700
X-Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com
 [205.139.110.120])
 by mx.groups.io with SMTP id smtpd.web11.19704.1592232324897322699
 for <devel@edk2.groups.io>;
 Mon, 15 Jun 2020 07:45:25 -0700
X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-508-E3G9XDF_NyukXkw3TzikXg-1; Mon, 15 Jun 2020 10:45:17 -0400
X-MC-Unique: E3G9XDF_NyukXkw3TzikXg-1
X-Received: from smtp.corp.redhat.com
 (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9D28C5AEC1;
	Mon, 15 Jun 2020 14:45:16 +0000 (UTC)
X-Received: from lacos-laptop-7.usersys.redhat.com
 (ovpn-112-132.ams2.redhat.com [10.36.112.132])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 7055F7CAAE;
	Mon, 15 Jun 2020 14:45:15 +0000 (UTC)
From: "Laszlo Ersek" <lersek@redhat.com>
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Subject: [edk2-devel] [PATCH] Revert "OvmfPkg: use generic QEMU image loader
 for secure boot enabled builds"
Date: Mon, 15 Jun 2020 16:45:14 +0200
Message-Id: <20200615144514.24597-1-lersek@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,lersek@redhat.com
X-Gm-Message-State: NNJYJvPhyPmfwHvM6dggVGWUx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1592232325;
 bh=qXGk6rKdKIPUWzbCVasnG6B33Qmm3HGlJMpR35FvbLQ=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=p6K8my4L6USUOqVPHsbecWHZ6C8RBjwl4w7dqmOwbBtBTPV2wmBWCXvbcncKaOFP5dR
 QTGuPVcRbs5jgU6ER5HsfdR09KwsBskCmCjaaT2MESkL1LYvhwAs1YSQMWAMfyzeGoC+V
 V186YStuv6Gynlgg4IFOQS/tbmjThKa94BA=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

This reverts commit ced77332cab626f35fbdb36630be27303d289d79.

The command

  virt-install --location NETWORK-URL

downloads the vmlinuz and initrd files from the remote OS tree, and passes
them to the guest firmware via fw_cfg.

When used with IA32 / X64 guests, virt-install expects the guest firmware
to do two things, at the same time:

- launch the fw_cfg kernel image even if the latter does not pass SB
  verification (SB checking is supposed to be bypassed entirely in favor
  of the Linux/x86 Boot Protocol),

- still let the guest kernel perceive SB as enabled.

Commit ced77332cab6 prevented this, by removing the Linux/x86 Boot
Protocol from such an OVMF image that was built with SECURE_BOOT_ENALBE.
While that's the right thing in theory, in practice "virt-install
--location NETWORK-URL" is entrenched, and we shouldn't break it.

We can tolerate the Linux/x86 Boot Protocol as a one-of-a-kind SB bypass
for direct-booted kernels, because:

- the fw_cfg content comes from QEMU, and the guest is already at QEMU's
  mercy,

- in the guest, OS boots after the initial installation will use "shim"
  rather than an fw_cfg kernel, which we can consider somewhat similar to
  "Audit Mode / Deployed Mode" (~ trust for install, lock down after).

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daud=C3=A9 <philmd@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
---

Notes:
    - pick up Ard's ACK from
   =20
      http://mid.mail-archive.com/c06ee730-e421-0aa5-882f-bc09ae9c546f@arm.=
com
      https://edk2.groups.io/g/devel/message/61169
   =20
    - posting to the list to enable feedback on the commit message (I intend
      to push the patch in one or two days)
   =20
    - repo:   https://pagure.io/lersek/edk2.git
      branch: reenable_fwcfg_x86_boot_proto

 OvmfPkg/OvmfPkgIa32.dsc    | 4 ----
 OvmfPkg/OvmfPkgIa32X64.dsc | 4 ----
 OvmfPkg/OvmfPkgX64.dsc     | 4 ----
 3 files changed, 12 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d0df9cbbfb2b..16103d177374 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -379,11 +379,7 @@ [LibraryClasses.common.DXE_DRIVER]
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
-  QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad=
ImageLib.inf
-!else
   QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib=
.inf
-!endif
 !if $(TPM_ENABLE) =3D=3D TRUE
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i=
nf
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3ae62fee92b..9597ef6721da 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -383,11 +383,7 @@ [LibraryClasses.common.DXE_DRIVER]
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
-  QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad=
ImageLib.inf
-!else
   QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib=
.inf
-!endif
 !if $(TPM_ENABLE) =3D=3D TRUE
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i=
nf
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f7fe75ebf531..a6e585c03d41 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -383,11 +383,7 @@ [LibraryClasses.common.DXE_DRIVER]
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
-  QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad=
ImageLib.inf
-!else
   QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib=
.inf
-!endif
 !if $(TPM_ENABLE) =3D=3D TRUE
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i=
nf
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
--=20
2.19.1.3.g30247aa5d201


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#61301): https://edk2.groups.io/g/devel/message/61301
Mute This Topic: https://groups.io/mt/74895863/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-