From: Dov Murik
To: devel@edk2.groups.io
Cc: Dov Murik, Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, Jiewen Yao, Min Xu, Tom Lendacky
Subject: [edk2-devel] [PATCH v1 7/8] OvmfPkg: GenericQemuLoadImageLib: Allow verifying fw_cfg command line
Date: Tue, 25 May 2021 05:31:15 +0000
Message-Id: <20210525053116.1533673-8-dovmurik@linux.ibm.com>
In-Reply-To: <20210525053116.1533673-1-dovmurik@linux.ibm.com>
References: <20210525053116.1533673-1-dovmurik@linux.ibm.com>

From: James Bottomley

Add optional hook which calls a verifier with the content of the fw_cfg
command line.

Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Ashish Kalra
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Cc: Tom Lendacky
Signed-off-by: James Bottomley
---
 OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c | 29 ++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLi= b.c b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c index 114db7e8441f..d3067dae1425 100644 --- a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c +++ b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c @@ -51,6 +51,28 @@ STATIC CONST KERNEL_VENMEDIA_FILE_DEVPATH mKernelDeviceP= ath =3D { } }; =20 +STATIC FW_CFG_VERIFIER mVerifier =3D NULL; + +/** + Register a verifier for the Firmware Configuration Filesystem to use + + @param[in] Verifier The verifier to register + + @retval EFI_SUCCESS The verifier was successfully registered +**/ +EFI_STATUS +EFIAPI +RegisterFwCfgVerifier ( + IN FW_CFG_VERIFIER Verifier + ) +{ + if (mVerifier !=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + mVerifier =3D Verifier; + return EFI_SUCCESS; +} + /** Download the kernel, the initial ramdisk, and the kernel command line fr= om QEMU's fw_cfg. The kernel will be instructed via its command line to load @@ -149,6 +171,13 @@ QemuLoadKernelImage ( goto FreeCommandLine; } =20 + if (mVerifier !=3D NULL) { + Status =3D mVerifier (NULL, CommandLine, CommandLineSize); + if (EFI_ERROR (Status)) { + goto FreeCommandLine; + } + } + // // Drop the terminating NUL, convert to UTF-16. // --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75574): https://edk2.groups.io/g/devel/message/75574 Mute This Topic: https://groups.io/mt/83074458/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
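
Review bot: The doc comment on RegisterFwCfgVerifier (first hunk) lists only "@retval EFI_SUCCESS", but the function also returns EFI_OUT_OF_RESOURCES when mVerifier is already set. Document that path, and consider EFI_ALREADY_STARTED for it, since nothing is being allocated and a caller cannot tell a duplicate registration from a real allocation failure. The function also accepts Verifier == NULL and reports EFI_SUCCESS while leaving the hook empty; returning EFI_INVALID_PARAMETER there would stop a caller from believing a verifier is installed when it is not.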
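
Review bot: In the QemuLoadKernelImage hunk the check is skipped whenever mVerifier is NULL, so the fw_cfg command line is used unverified if no verifier was registered before this point, and nothing in the hunk reports that. If a platform relies on the verification, the ordering requirement (registration must happen before QemuLoadKernelImage runs) should be stated in a comment here or in the function header. The call "mVerifier (NULL, CommandLine, CommandLineSize)" also passes a bare NULL as its first argument whose meaning is not visible at the call site; a short comment or a named constant would make clear what the verifier is told it is checking.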