From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Yanan Wang, Zhao Liu, Eduardo Habkost, Richard Henderson, Marcel Apfelbaum, Philippe Mathieu-Daudé, "Michael S. Tsirkin", Gerd Hoffmann
Subject: [PATCH v2 2/5] x86/loader: only patch linux kernels
Date: Thu, 5 Sep 2024 16:12:07 +0200
Message-ID: <20240905141211.1253307-3-kraxel@redhat.com>
In-Reply-To: <20240905141211.1253307-1-kraxel@redhat.com>
References: <20240905141211.1253307-1-kraxel@redhat.com>

If the binary loaded via -kernel is *not* a linux kernel (in which case protocol == 0), do not patch the linux kernel header fields.
It's (a) pointless and (b) might break binaries by random patching and (c) changes the binary hash which in turn breaks secure boot verification.

Background: OVMF happily loads and runs not only linux kernels but any efi binary via direct kernel boot.

Note: Breaking the secure boot verification is a problem for linux kernels too, but fixing that is left for another day ...

Signed-off-by: Gerd Hoffmann
--- hw/i386/x86-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index 992ea1f25e94..b52903c47fec 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -943,7 +943,7 @@ void x86_load_linux(X86MachineState *x86ms, * kernel on the other side of the fw_cfg interface matches the hash o= f the * file the user passed in. */ - if (!sev_enabled()) { + if (!sev_enabled() && protocol > 0) { memcpy(setup, header, MIN(sizeof(header), setup_size)); } =20 --=20 2.46.0
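Review bot: the comment directly above the changed condition in x86_load_linux() still explains only the SEV case (the hash seen on the other side of fw_cfg must match the file the user passed in), but with this change the memcpy(setup, header, ...) is also skipped whenever protocol is 0. Suggest extending that comment with a sentence saying that binaries which are not Linux kernels (protocol == 0) are left unmodified, so the reason for the second operand in "!sev_enabled() && protocol > 0" is recorded next to the code and not only in the commit message.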