From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Yanan Wang, Zhao Liu, Eduardo Habkost, Richard Henderson, Marcel Apfelbaum, Philippe Mathieu-Daudé, "Michael S. Tsirkin", Gerd Hoffmann
Subject: [PATCH v2 4/5] x86/loader: expose unpatched kernel
Date: Thu, 5 Sep 2024 16:12:09 +0200
Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
In-Reply-To: <20240905141211.1253307-1-kraxel@redhat.com>
References: <20240905141211.1253307-1-kraxel@redhat.com>

Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without the setup header patches. Intended use is booting in UEFI with secure boot enabled, where the setup header patching breaks secure boot verification.
Needs OVMF changes too to be actually useful. Signed-off-by: Gerd Hoffmann --- hw/i386/x86-common.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index 82137e053ae0..63cf41711e72 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -960,6 +960,9 @@ void x86_load_linux(X86MachineState *x86ms, sev_load_ctx.setup_data =3D (char *)setup; sev_load_ctx.setup_size =3D setup_size; =20 + /* kernel without setup header patches */ + fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size); + if (sev_enabled()) { sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal); } --=20 2.46.0
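Review bot: the new fw_cfg_add_file() call, placed just above the sev_enabled() check in x86_load_linux(), is unconditional, so "etc/boot/kernel" is published for every guest that reaches this point, SEV guests included, while the commit message names UEFI secure boot as the only intended consumer. If that is deliberate, say so in the comment or the commit message; otherwise gate the call. The comment "kernel without setup header patches" also depends on `kernel` and `kernel_size` still describing the complete, unmodified image at this point, which is not visible in this hunk, so a short note on where the patched copy lives would make the invariant checkable. Since firmware has to look the file up by name, the new "etc/boot/kernel" name should also be mentioned in the fw_cfg documentation.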