From nobody Wed Mar 12 12:53:13 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1741250234480892.337773657492;
 Thu, 6 Mar 2025 00:37:14 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 5A27D17CE; Thu,  6 Mar 2025 03:37:13 -0500 (EST)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 4B5C917B9;
	Thu,  6 Mar 2025 03:36:29 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id DA72711D5; Thu,  6 Mar 2025 03:36:25 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 50F5B11D4
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 03:36:25 -0500 (EST)
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-378-iippP3tRPp-ql9kKz4wOxg-1; Thu,
 06 Mar 2025 03:36:23 -0500
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id AFCAF1801A00
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:22 +0000 (UTC)
Received: from moe.brq.redhat.com (unknown [10.43.3.236])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 0B99D180AF7B
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:21 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1741250185;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=csXaV4KCmQDGWd4B1GgKi9/HkDCSYvt2kyjIEFdSfJI=;
	b=VhEU1dcsVnUpUYIidSqnorDGIctozTWjbCN30WuD0J2Lsk80lTeaJmZmDAfWetiH+kayzF
	+TBYByk1HlPojvev6RfQ6wK0sD+KtWsW+0B/CphN5mfNMmAiuMXqkls/+dPYC82KJWExb9
	NZGJC+1gRXkQqQn6nZRWS3z/4xbIcmg=
X-MC-Unique: iippP3tRPp-ql9kKz4wOxg-1
X-Mimecast-MFC-AGG-ID: iippP3tRPp-ql9kKz4wOxg_1741250182
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 1/5] conf: Introduce os/shim element
Date: Thu,  6 Mar 2025 09:36:14 +0100
Message-ID: 
 <a9f42a9f186690f4abba2435eb6ac6ba60448e75.1741250151.git.mprivozn@redhat.com>
In-Reply-To: <cover.1741250151.git.mprivozn@redhat.com>
References: <cover.1741250151.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: 3mdcAkY2JpLPZmTxqRmf3thSI_bzvJ7EKwbL8YPc7-U_1741250182
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: NHNBVDXBXBQSV5ZKRGTVGH7BEPXG2MGZ
X-Message-ID-Hash: NHNBVDXBXBQSV5ZKRGTVGH7BEPXG2MGZ
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/NHNBVDXBXBQSV5ZKRGTVGH7BEPXG2MGZ/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1741250237171019100
Content-Type: text/plain; charset="utf-8"; x-default="true"

For secure boot environments where <loader/> is signed, it may be
unfeasible to keep the binary up to date (esp. when revoking
certificates contained within). To address that, QEMU introduced
'-shim' cmd line option which side loads another UEFI binary
which can then contain new certification authorities or list of
revocations. Expose it as <shim/> element that's nested under
<os/>, just like kernel and initrd are.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 docs/formatdomain.rst                                |  5 +++++
 src/conf/domain_conf.c                               | 12 ++++++++----
 src/conf/domain_conf.h                               |  1 +
 src/conf/domain_validate.c                           |  6 ++++++
 src/conf/schemas/domaincommon.rng                    |  5 +++++
 .../launch-security-sev-direct.x86_64-latest.xml     |  1 +
 tests/qemuxmlconfdata/launch-security-sev-direct.xml |  1 +
 7 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index cbe378e61d..087e77217e 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -397,6 +397,7 @@ and full virtualized guests.
      <kernel>/root/f8-i386-vmlinuz</kernel>
      <initrd>/root/f8-i386-initrd</initrd>
      <cmdline>console=3DttyS0 ks=3Dhttp://example.com/f8-i386/os/</cmdline>
+     <shim>/path/to/shim.efi</shim>
      <dtb>/root/ppc.dtb</dtb>
    </os>
    ...
@@ -417,6 +418,10 @@ and full virtualized guests.
    The contents of this element specify arguments to be passed to the kern=
el (or
    installer) at boot time. This is often used to specify an alternate pri=
mary
    console (eg serial port), or the installation media source / kickstart =
file
+``shim``
+   Use specified fully-qualified path to load an initial UEFI bootloader t=
hat
+   handles chaining to a trusted full bootloader under secure boot
+   environments.
 ``dtb``
    The contents of this element specify the fully-qualified path to the
    (optional) device tree binary (dtb) image in the host OS.
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f42b7075ad..907e11cced 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3922,6 +3922,7 @@ virDomainOSDefClear(virDomainOSDef *os)
     g_free(os->kernel);
     g_free(os->initrd);
     g_free(os->cmdline);
+    g_free(os->shim);
     g_free(os->dtb);
     g_free(os->root);
     g_free(os->slic_table);
@@ -17732,6 +17733,7 @@ virDomainDefParseBootKernelOptions(virDomainDef *de=
f,
     def->os.kernel =3D virXPathString("string(./os/kernel[1])", ctxt);
     def->os.initrd =3D virXPathString("string(./os/initrd[1])", ctxt);
     def->os.cmdline =3D virXPathString("string(./os/cmdline[1])", ctxt);
+    def->os.shim =3D virXPathString("string(./os/shim[1])", ctxt);
     def->os.dtb =3D virXPathString("string(./os/dtb[1])", ctxt);
     def->os.root =3D virXPathString("string(./os/root[1])", ctxt);
 }
@@ -17904,10 +17906,10 @@ virDomainDefParseBootOptions(virDomainDef *def,
     /*
      * Booting options for different OS types....
      *
-     *   - A bootloader (and optional kernel+initrd)  (xen)
-     *   - A kernel + initrd                          (xen)
-     *   - A boot device (and optional kernel+initrd) (hvm)
-     *   - An init script                             (exe)
+     *   - A bootloader (and optional kernel+initrd)            (xen)
+     *   - A kernel + initrd                                    (xen)
+     *   - A boot device (and optional kernel+initrd(+shim))    (hvm)
+     *   - An init script                                       (exe)
      */
=20
     switch ((virDomainOSType) def->os.type) {
@@ -28414,6 +28416,8 @@ virDomainDefFormatInternalSetRootName(virDomainDef =
*def,
                           def->os.initrd);
     virBufferEscapeString(buf, "<cmdline>%s</cmdline>\n",
                           def->os.cmdline);
+    virBufferEscapeString(buf, "<shim>%s</shim>\n",
+                          def->os.shim);
     virBufferEscapeString(buf, "<dtb>%s</dtb>\n",
                           def->os.dtb);
     virBufferEscapeString(buf, "<root>%s</root>\n",
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index e7947741bd..32dabfeaa7 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2501,6 +2501,7 @@ struct _virDomainOSDef {
     char *kernel;
     char *initrd;
     char *cmdline;
+    char *shim;
     char *dtb;
     char *root;
     char *slic_table;
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index ad3d17f0fd..6807d8e46a 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1726,6 +1726,12 @@ virDomainDefOSValidate(const virDomainDef *def,
         }
     }
=20
+    if (def->os.shim && !def->os.kernel) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("shim only allowed with kernel option"));
+        return -1;
+    }
+
     return 0;
 }
=20
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom=
mon.rng
index 824da9d066..95196bee6e 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -1552,6 +1552,11 @@
           <text/>
         </element>
       </optional>
+      <optional>
+        <element name=3D"shim">
+          <text/>
+        </element>
+      </optional>
       <optional>
         <element name=3D"dtb">
           <ref name=3D"absFilePath"/>
diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest=
.xml b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml
index e289b1e95e..dea8236540 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml
@@ -9,6 +9,7 @@
     <kernel>/vmlinuz</kernel>
     <initrd>/initrd</initrd>
     <cmdline>runme</cmdline>
+    <shim>/shim</shim>
     <boot dev=3D'hd'/>
   </os>
   <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.xml b/tests/q=
emuxmlconfdata/launch-security-sev-direct.xml
index 80ce6412dd..76277b6278 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-direct.xml
+++ b/tests/qemuxmlconfdata/launch-security-sev-direct.xml
@@ -9,6 +9,7 @@
     <kernel>/vmlinuz</kernel>
     <initrd>/initrd</initrd>
     <cmdline>runme</cmdline>
+    <shim>/shim</shim>
   </os>
   <clock offset=3D'utc'/>
   <on_poweroff>destroy</on_poweroff>
--=20
2.45.3
From nobody Wed Mar 12 12:53:13 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1741250255936329.66609071963546;
 Thu, 6 Mar 2025 00:37:35 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id E14C917F6; Thu,  6 Mar 2025 03:37:34 -0500 (EST)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 04E811645;
	Thu,  6 Mar 2025 03:36:32 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id A7631151D; Thu,  6 Mar 2025 03:36:26 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 2DC7811D4
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 03:36:26 -0500 (EST)
Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-425-C-p7Bg-2OEygbEHXwUy5Nw-1; Thu,
 06 Mar 2025 03:36:24 -0500
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id DC1871954B34
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:23 +0000 (UTC)
Received: from moe.brq.redhat.com (unknown [10.43.3.236])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 379111828A80
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:22 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1741250185;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=uQYZXnDsIHOc2JGVVQb4nZUwmFjyTUulcvnJe5UCz8Q=;
	b=iz6jnZuZX18CYqwNhW3eQ2kWZzgtzhffVCAhUVN3LyNc4ez7zgjK26O0UgsDg9MFtMU60x
	Y2wIRg6eaGv/RwYgH2iPvcNIY02ngsHmDb5918DcMVc9PONoKlOC/l4V60yOtoPttmNKJY
	AgccRqdPlW9/07UuaPvrokLsv5poDWI=
X-MC-Unique: C-p7Bg-2OEygbEHXwUy5Nw-1
X-Mimecast-MFC-AGG-ID: C-p7Bg-2OEygbEHXwUy5Nw_1741250184
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 2/5] qemu_capabilities: Introduce QEMU_CAPS_MACHINE_SHIM
Date: Thu,  6 Mar 2025 09:36:15 +0100
Message-ID: 
 <a41b526612ec5d06ec457ceececb6b23dad0c7ed.1741250151.git.mprivozn@redhat.com>
In-Reply-To: <cover.1741250151.git.mprivozn@redhat.com>
References: <cover.1741250151.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: h9QieJcTIpC6XLP1toM87k4FvRL0cBzxSmKOZUwGQ40_1741250184
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: YKSL7PDNHOFZWSNNFS2DZY5UUND3WCC6
X-Message-ID-Hash: YKSL7PDNHOFZWSNNFS2DZY5UUND3WCC6
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/YKSL7PDNHOFZWSNNFS2DZY5UUND3WCC6/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1741250257037019100
Content-Type: text/plain; charset="utf-8"; x-default="true"

In its commit v9.2.0-323-ga5bd044b15 QEMU introduced another
command line option: -shim. It's used to load kernel. Track
presence of it via QEMU_CAPS_MACHINE_SHIM.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/qemu/qemu_capabilities.c                      | 2 ++
 src/qemu/qemu_capabilities.h                      | 1 +
 tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml  | 1 +
 tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml | 1 +
 4 files changed, 5 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 23b466c36e..762588a270 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -728,6 +728,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
               "machine.virt.aia", /* QEMU_CAPS_MACHINE_VIRT_AIA */
               "virtio-mem-ccw", /* QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW */
               "blockdev-set-active", /* QEMU_CAPS_BLOCKDEV_SET_ACTIVE */
+              "shim", /* QEMU_CAPS_MACHINE_SHIM */
     );
=20
=20
@@ -1774,6 +1775,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsMachi=
nePropsVirt[] =3D {
=20
 static struct virQEMUCapsStringFlags virQEMUCapsMachinePropsGeneric[] =3D {
     { "confidential-guest-support", QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SU=
PPORT },
+    { "shim", QEMU_CAPS_MACHINE_SHIM },
 };
=20
 static struct virQEMUCapsStringFlags virQEMUCapsMachinePropsGenericPC[] =
=3D {
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index ee71331a09..840cb97dbe 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -707,6 +707,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
     QEMU_CAPS_MACHINE_VIRT_AIA, /* -machine virt,aia=3D(none|aplic|aplic-i=
msic), RISC-V only */
     QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW, /* -device virtio-mem-ccw */
     QEMU_CAPS_BLOCKDEV_SET_ACTIVE, /* blockdev-set-active QMP command supp=
orted */
+    QEMU_CAPS_MACHINE_SHIM, /* -shim command line argument */
=20
     QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml b/tests/qemuc=
apabilitiesdata/caps_10.0.0_s390x.xml
index bccce19bfc..e0ad72d5d4 100644
--- a/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_10.0.0_s390x.xml
@@ -142,6 +142,7 @@
   <flag name=3D'query-cpu-model-expansion.deprecated-props'/>
   <flag name=3D'migrate-incoming.exit-on-error'/>
   <flag name=3D'virtio-mem-ccw'/>
+  <flag name=3D'shim'/>
   <version>9002050</version>
   <microcodeVersion>39100285</microcodeVersion>
   <package>v9.2.0-1203-gd6430c17d7</package>
diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml b/tests/qemu=
capabilitiesdata/caps_10.0.0_x86_64.xml
index 358e06b803..115baf9e93 100644
--- a/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml
@@ -212,6 +212,7 @@
   <flag name=3D'netdev-stream-reconnect-miliseconds'/>
   <flag name=3D'migrate-incoming.exit-on-error'/>
   <flag name=3D'blockdev-set-active'/>
+  <flag name=3D'shim'/>
   <version>9002050</version>
   <microcodeVersion>43100285</microcodeVersion>
   <package>v9.2.0-1967-gb69801dd6b</package>
--=20
2.45.3
From nobody Wed Mar 12 12:53:13 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1741250271148239.14701818354263;
 Thu, 6 Mar 2025 00:37:51 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 7A6621725; Thu,  6 Mar 2025 03:37:50 -0500 (EST)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id B43EC1796;
	Thu,  6 Mar 2025 03:36:45 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 69C661734; Thu,  6 Mar 2025 03:36:42 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id B392816F7
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 03:36:32 -0500 (EST)
Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-454-nCiwJCP2O8mhZBnRd45YfA-1; Thu,
 06 Mar 2025 03:36:25 -0500
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 053F3180034D
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:25 +0000 (UTC)
Received: from moe.brq.redhat.com (unknown [10.43.3.236])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 4C744180AF7A
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1741250192;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=8bP1RMs/cRbhZchCPD2l5gdDpDkSLBZFCQduewTokNY=;
	b=LIqvhGqBwpw5+TwOx1fU6RyhVdNQ9bYDBBC2BYneajFApA3r6B1sfu1Je3Xd8cmoRiS/d8
	u6saH6Pd5wexK0qpdF/Ey66uP4YEONTEX+KT3USxJwt9uZvyuENZE0MSXY4Tx87zmM2Vsz
	Zeoqh7dktpBEuYURzBLPgODLluQe8NM=
X-MC-Unique: nCiwJCP2O8mhZBnRd45YfA-1
X-Mimecast-MFC-AGG-ID: nCiwJCP2O8mhZBnRd45YfA_1741250185
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 3/5] qemu_validate: Check whether UEFI shim is supported
Date: Thu,  6 Mar 2025 09:36:16 +0100
Message-ID: 
 <0696727024ddb0c3f5a09957f7f9344837b460fd.1741250151.git.mprivozn@redhat.com>
In-Reply-To: <cover.1741250151.git.mprivozn@redhat.com>
References: <cover.1741250151.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: c0S8vrDLe6yNdAvHFKUvQk-g4azk-Q4sxGIliHp3sm4_1741250185
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 64FKIQY6JLSE36LLXSDLLLG7FHBO4IVM
X-Message-ID-Hash: 64FKIQY6JLSE36LLXSDLLLG7FHBO4IVM
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/64FKIQY6JLSE36LLXSDLLLG7FHBO4IVM/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1741250271887019000
Content-Type: text/plain; charset="utf-8"; x-default="true"

If UEFI shim is specified in domain XML but QEMU is too old, then
report an error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/qemu/qemu_validate.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index f3ef1be660..6be8c29b75 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -740,6 +740,13 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
             return -1;
     }
=20
+    if (def->os.shim &&
+        !virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_SHIM)) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("shim is not supported by this QEMU binary"));
+        return -1;
+    }
+
     return 0;
 }
=20
--=20
2.45.3
From nobody Wed Mar 12 12:53:13 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1741250287722610.3022733839813;
 Thu, 6 Mar 2025 00:38:07 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id B334117FF; Thu,  6 Mar 2025 03:38:06 -0500 (EST)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 8D288177A;
	Thu,  6 Mar 2025 03:36:49 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 1596E176C; Thu,  6 Mar 2025 03:36:43 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 62ABC176F
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 03:36:34 -0500 (EST)
Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-3-y3XRy8YLPOutQ4mqadrqEQ-1; Thu,
 06 Mar 2025 03:36:26 -0500
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 1AB1A18001F6
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:26 +0000 (UTC)
Received: from moe.brq.redhat.com (unknown [10.43.3.236])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 6B724180AF71
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:25 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1741250194;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Bg2GyORSziyBNIC5Qat8ufIdYMfjM1aMv54Tj0yZHb8=;
	b=TnoFhgFbVsPCPGM7YAocjYz9FL+1hg8qTa/uJrpQpPaX9YDyswaa/i+mhbw0Zd7nXINq6y
	IHQ8g3HwCJFgMAwwuRvrYCREPlDVzCJe2F9g1G6s6pnLrMLK/yGXUhyLc5J5Hq6BYmKGv0
	+MmXWEck0WK5Hz9J2ApbWVimt1FEfaI=
X-MC-Unique: y3XRy8YLPOutQ4mqadrqEQ-1
X-Mimecast-MFC-AGG-ID: y3XRy8YLPOutQ4mqadrqEQ_1741250186
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 4/5] qemu_command: Generate cmd line for UEFI shim
Date: Thu,  6 Mar 2025 09:36:17 +0100
Message-ID: 
 <a73681c8ec0a007bb2c8fc90802940b70f346b6d.1741250151.git.mprivozn@redhat.com>
In-Reply-To: <cover.1741250151.git.mprivozn@redhat.com>
References: <cover.1741250151.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: pjv475D3QmA143EIdQ0Qm-z9tOycARxsOhiBJ5Z2SvI_1741250186
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: BIE6Z6MAVKH5RR5CE6ZRYROEGBXHSJQS
X-Message-ID-Hash: BIE6Z6MAVKH5RR5CE6ZRYROEGBXHSJQS
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/BIE6Z6MAVKH5RR5CE6ZRYROEGBXHSJQS/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1741250289221019100
Content-Type: text/plain; charset="utf-8"; x-default="true"

Trivial.

Resolves: https://issues.redhat.com/browse/RHEL-68043
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/qemu/qemu_command.c                                         | 2 ++
 .../launch-security-sev-direct.x86_64-latest.args               | 1 +
 2 files changed, 3 insertions(+)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 0ad73af335..c3d1d8dd70 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6026,6 +6026,8 @@ qemuBuildBootCommandLine(virCommand *cmd,
         virCommandAddArgList(cmd, "-initrd", def->os.initrd, NULL);
     if (def->os.cmdline)
         virCommandAddArgList(cmd, "-append", def->os.cmdline, NULL);
+    if (def->os.shim)
+        virCommandAddArgList(cmd, "-shim", def->os.shim, NULL);
     if (def->os.dtb)
         virCommandAddArgList(cmd, "-dtb", def->os.dtb, NULL);
     if (def->os.slic_table) {
diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest=
.args b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.args
index 09df8a7cb6..33f820f5ad 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.args
@@ -29,6 +29,7 @@ XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGue=
st1/.config \
 -kernel /vmlinuz \
 -initrd /initrd \
 -append runme \
+-shim /shim \
 -device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0=
x2"}' \
 -blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","no=
de-name":"libvirt-1-storage","read-only":false}' \
 -device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-stor=
age","id":"ide0-0-0","bootindex":1}' \
--=20
2.45.3
From nobody Wed Mar 12 12:53:13 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1741250312267407.95451354616;
 Thu, 6 Mar 2025 00:38:32 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 2816816FA; Thu,  6 Mar 2025 03:38:31 -0500 (EST)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 652FF182D;
	Thu,  6 Mar 2025 03:36:51 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 82CED181E; Thu,  6 Mar 2025 03:36:43 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 13056178B
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 03:36:35 -0500 (EST)
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-26-xHC3TNesOJC_84VjxEJqNw-1; Thu,
 06 Mar 2025 03:36:28 -0500
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 3125A1800EC5
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:27 +0000 (UTC)
Received: from moe.brq.redhat.com (unknown [10.43.3.236])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 80B28180AF7B
	for <devel@lists.libvirt.org>; Thu,  6 Mar 2025 08:36:26 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1741250194;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=bslgu3oTqzvkhzJDdP2DdWo2INTyGWAU2feb+RQSg8o=;
	b=A7gncQTxpURwPo9pX6BQVgOMrnl5vjn/ZlYQ8dMpUh765gAtNAq/A8oUiz8YmXTW9Of3Ix
	nfyxhwqZcqVj22URtuSSFD9RQSmGY/2FVV/nqVKKddrp/1dKKGN6RPUefSicIDocbPCuwR
	pKX6YYdfUx/PrFCuH6mVtbYjEDd4uQI=
X-MC-Unique: xHC3TNesOJC_84VjxEJqNw-1
X-Mimecast-MFC-AGG-ID: xHC3TNesOJC_84VjxEJqNw_1741250187
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 5/5] security: Set seclabels on UEFI shim
Date: Thu,  6 Mar 2025 09:36:18 +0100
Message-ID: 
 <76264e1b740ec3fe4bf3bcb82786e793a0e387ef.1741250151.git.mprivozn@redhat.com>
In-Reply-To: <cover.1741250151.git.mprivozn@redhat.com>
References: <cover.1741250151.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: u1--X1fcIWjQ47FQMuIua5iEpemGTC2bvfAZyzODK_o_1741250187
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 5JFXAHH7U4DWTABRWRRRQ4VTAFMSKRDY
X-Message-ID-Hash: 5JFXAHH7U4DWTABRWRRRQ4VTAFMSKRDY
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/5JFXAHH7U4DWTABRWRRRQ4VTAFMSKRDY/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1741250313383019100
Content-Type: text/plain; charset="utf-8"; x-default="true"

Again, trivial. Just copy what is done for kernel and initrd.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/security/security_dac.c     | 10 ++++++++++
 src/security/security_selinux.c |  9 +++++++++
 src/security/virt-aa-helper.c   |  4 ++++
 3 files changed, 23 insertions(+)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0505f4e4a3..c3f747a14a 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -2046,6 +2046,10 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mg=
r,
         virSecurityDACRestoreFileLabel(mgr, def->os.initrd) < 0)
         rc =3D -1;
=20
+    if (def->os.shim &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.shim) < 0)
+        rc =3D -1;
+
     if (def->os.dtb &&
         virSecurityDACRestoreFileLabel(mgr, def->os.dtb) < 0)
         rc =3D -1;
@@ -2294,6 +2298,12 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
                                    user, group, true) < 0)
         return -1;
=20
+    if (def->os.shim &&
+        virSecurityDACSetOwnership(mgr, NULL,
+                                   def->os.shim,
+                                   user, group, true) < 0)
+        return -1;
+
     if (def->os.dtb &&
         virSecurityDACSetOwnership(mgr, NULL,
                                    def->os.dtb,
diff --git a/src/security/security_selinux.c b/src/security/security_selinu=
x.c
index cdc32d9b34..cf4283217d 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3009,6 +3009,10 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager=
 *mgr,
         virSecuritySELinuxRestoreFileLabel(mgr, def->os.initrd, true) < 0)
         rc =3D -1;
=20
+    if (def->os.shim &&
+        virSecuritySELinuxRestoreFileLabel(mgr, def->os.shim, true) < 0)
+        rc =3D -1;
+
     if (def->os.dtb &&
         virSecuritySELinuxRestoreFileLabel(mgr, def->os.dtb, true) < 0)
         rc =3D -1;
@@ -3438,6 +3442,11 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mg=
r,
                                      data->content_context, true) < 0)
         return -1;
=20
+    if (def->os.shim &&
+        virSecuritySELinuxSetFilecon(mgr, def->os.shim,
+                                     data->content_context, true) < 0)
+        return -1;
+
     if (def->os.dtb &&
         virSecuritySELinuxSetFilecon(mgr, def->os.dtb,
                                      data->content_context, true) < 0)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index c255b64f35..5b27bbd663 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -970,6 +970,10 @@ get_files(vahControl * ctl)
         if (vah_add_file(&buf, ctl->def->os.initrd, "r") !=3D 0)
             goto cleanup;
=20
+    if (ctl->def->os.shim)
+        if (vah_add_file(&buf, ctl->def->os.shim, "r") !=3D 0)
+            goto cleanup;
+
     if (ctl->def->os.dtb)
         if (vah_add_file(&buf, ctl->def->os.dtb, "r") !=3D 0)
             goto cleanup;
--=20
2.45.3