From: "Dov Murik"
To: devel@edk2.groups.io
Cc: Dov Murik, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, James Bottomley, Tobin Feldman-Fitzthum
Subject: [edk2-devel] [PATCH v1 0/3] OvmfPkg: Use QemuKernelLoaderFs to read cmdline/initrd
Date: Wed, 9 Jun 2021 12:18:25 +0000
Message-Id: <20210609121828.1884825-1-dovmurik@linux.ibm.com>

In order to support measured SEV boot with kernel/initrd/cmdline, we'd like to have one place that reads those blobs; in the future we'll add the measurement and verification in that place.

We already have a synthetic filesystem (QemuKernelLoaderFs) which holds three files: "kernel", "initrd", and "cmdline". The kernel is indeed read from this filesystem in LoadImage; but the cmdline (and the length of initrd) are read from QemuFwCfgLib items.

This patch series modifies GenericQemuLoadImageLib to read cmdline (and the initrd size) from the QemuKernelLoaderFs synthetic filesystem, thus removing the dependency on QemuFwCfgLib.

Note that X86QemuLoadImageLib is not modified, because it contains a QemuLoadLegacyImage() which reads other items of the QemuFwCfg which are not available in QemuKernelLoaderFs. Since we don't want to support the legacy boot path in the future measured SEV boot, we leave X86QemuLoadImageLib as-is (except for a comment addition in patch 3) and will force the use of GenericQemuLoadImageLib in the measured SEV boot implementation.

Relevant discussion threads start in: https://edk2.groups.io/g/devel/message/76069

To test this on x86_64, I forced the use of GenericQemuLoadImageLib using the following local patch:

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0a237a905866..46442b543bcf 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -404,7 +404,7 @@ [LibraryClasses.common.DXE_DRIVER] PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf - QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf + QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad= ImageLib.inf # XXX don't commit this or someone will be mad !if $(TPM_ENABLE) =3D=3D TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf

I tested boot with QEMU and OVMF with the following QEMU arguments:

    -kernel a
    -kernel a -initrd b
    -kernel a -cmdline c
    -kernel a -initrd b -cmdline c

(and also without -kernel)

Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: James Bottomley
Cc: Tobin Feldman-Fitzthum

Dov Murik (3):
  Revert "OvmfPkg/QemuKernelLoaderFsDxe: don't expose kernel command line"
  OvmfPkg/GenericQemuLoadImageLib: Read cmdline from QemuKernelLoaderFs
  OvmfPkg/X86QemuLoadImageLib: State dependency on fw_cfg in file header

 OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf |   2 +-
 OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c   | 132 ++++++++++++++++++--
 OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c           |   3 +
 OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c               |  11 +-
 4 files changed, 137 insertions(+), 11 deletions(-)

--
2.25.1
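
Review bot: the `+` line in the OvmfPkgX64.dsc hunk of the local test patch swaps the QemuLoadImageLib mapping unconditionally and relies on the trailing `# XXX don't commit this or someone will be mad` comment to mark it as test-only, which is easy to carry into a real commit by accident. If the override needs to be shared so others can reproduce the testing, wrap it in a build define in the same style as the `!if $(TPM_ENABLE) == TRUE` block visible in the context lines, keep X86QemuLoadImageLib as the default, and drop the informal comment. The hunk also touches only the [LibraryClasses.common.DXE_DRIVER] section of the X64 platform file, so it is worth stating next to the list of tested QEMU arguments that the results cover that configuration only.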