From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann, "Michael S. Tsirkin", Marcel Apfelbaum, Paolo Bonzini, Richard Henderson, Eduardo Habkost
Subject: [PATCH] x86/loader: only patch linux kernels
Date: Wed, 10 Apr 2024 09:21:26 +0200
Message-ID: <20240410072126.617063-1-kraxel@redhat.com>

If the binary loaded via -kernel is *not* a linux kernel (in which case protocol == 0), do not patch the linux kernel header fields.

It's (a) pointless and (b) might break binaries by random patching and (c) changes the binary hash which in turn breaks secure boot verification.

Background: OVMF happily loads and runs not only linux kernels but any efi binary via direct kernel boot.

Note: Breaking the secure boot verification is a problem for linux kernels too, but fixing that is left for another day ...

Signed-off-by: Gerd Hoffmann
--- hw/i386/x86.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index ffbda48917fd..765899eebe43 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -1108,7 +1108,7 @@ void x86_load_linux(X86MachineState *x86ms, * kernel on the other side of the fw_cfg interface matches the hash o= f the * file the user passed in. */ - if (!sev_enabled()) { + if (!sev_enabled() && protocol > 0) { memcpy(setup, header, MIN(sizeof(header), setup_size)); } =20 --=20 2.44.0
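
Review bot: The new `protocol > 0` term in the `if` that guards `memcpy(setup, header, MIN(sizeof(header), setup_size))` is not explained by the comment above it, which in the visible lines only covers the hash of the file the user passed in matching on the other side of the fw_cfg interface. Please extend that comment to say that a binary with protocol == 0 is not a Linux kernel and is passed through unpatched, so each half of the condition is documented where it is tested. The commit message describes the non-Linux case as protocol == 0, so `protocol != 0` would mirror that wording more directly than `> 0`; the declaration of `protocol` is not visible in this hunk, so if it is a signed type the two are not equivalent and the choice deserves a word. Since the commit message also says that patching still changes the hash for Linux kernels, a short TODO next to the condition would keep that known gap visible in the code.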