From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Yanan Wang, Paolo Bonzini, Philippe Mathieu-Daudé, Zhao Liu, Marcel Apfelbaum, "Michael S. Tsirkin", Richard Henderson, Eduardo Habkost, Gerd Hoffmann
Subject: [PULL 1/5] vl: fix qemu_validate_options() indention
Date: Thu, 14 Nov 2024 12:00:57 +0100
Message-ID: <20241114110101.44322-2-kraxel@redhat.com>
In-Reply-To: <20241114110101.44322-1-kraxel@redhat.com>
References: <20241114110101.44322-1-kraxel@redhat.com>

Signed-off-by: Gerd Hoffmann
Message-ID: <20240905141211.1253307-2-kraxel@redhat.com>
--- system/vl.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/system/vl.c b/system/vl.c index d217b3d64de7..3bb8f2db9ac4 100644 --- a/system/vl.c +++ b/system/vl.c 
@@ -2427,15 +2427,15 @@ static void qemu_validate_options(const QDict *mach= ine_opts) const char *kernel_cmdline =3D qdict_get_try_str(machine_opts, "append= "); =20 if (kernel_filename =3D=3D NULL) { - if (kernel_cmdline !=3D NULL) { - error_report("-append only allowed with -kernel option"); - exit(1); - } + if (kernel_cmdline !=3D NULL) { + error_report("-append only allowed with -kernel option"); + exit(1); + } =20 - if (initrd_filename !=3D NULL) { - error_report("-initrd only allowed with -kernel option"); - exit(1); - } + if (initrd_filename !=3D NULL) { + error_report("-initrd only allowed with -kernel option"); + exit(1); + } } =20 if (loadvm && incoming) { --=20 2.47.0
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Yanan Wang, Paolo Bonzini, Philippe Mathieu-Daudé, Zhao Liu, Marcel Apfelbaum, "Michael S. Tsirkin", Richard Henderson, Eduardo Habkost, Gerd Hoffmann
Subject: [PULL 2/5] x86/loader: only patch linux kernels
Date: Thu, 14 Nov 2024 12:00:58 +0100
Message-ID: <20241114110101.44322-3-kraxel@redhat.com>
In-Reply-To: <20241114110101.44322-1-kraxel@redhat.com>
References: <20241114110101.44322-1-kraxel@redhat.com>

If the binary loaded via -kernel is *not* a linux kernel (in which case protocol == 0), do not patch the linux kernel header fields.

It's (a) pointless and (b) might break binaries by random patching and (c) changes the binary hash which in turn breaks secure boot verification.

Background: OVMF happily loads and runs not only linux kernels but any efi binary via direct kernel boot.

Note: Breaking the secure boot verification is a problem for linux kernels too, but fixing that is left for another day ...

Signed-off-by: Gerd Hoffmann
Message-ID: <20240905141211.1253307-3-kraxel@redhat.com>
--- hw/i386/x86-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index bc360a9ea44b..ee047308331a 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c
@@ -943,7 +943,7 @@ void x86_load_linux(X86MachineState *x86ms, * kernel on the other side of the fw_cfg interface matches the hash o= f the * file the user passed in. */ - if (!sev_enabled()) { + if (!sev_enabled() && protocol > 0) { memcpy(setup, header, MIN(sizeof(header), setup_size)); } =20 --=20 2.47.0
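Review bot: The comment above the changed condition in x86_load_linux() still explains only the SEV case (keeping the hash of the file the user passed in), so the new `protocol > 0` test has no explanation at the point where it is applied. Extend that comment to say that binaries that are not linux kernels (protocol == 0) skip the memcpy() of the patched header back into setup, so their bytes and hash stay as the user supplied them.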
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Yanan Wang, Paolo Bonzini, Philippe Mathieu-Daudé, Zhao Liu, Marcel Apfelbaum, "Michael S. Tsirkin", Richard Henderson, Eduardo Habkost, Gerd Hoffmann
Subject: [PULL 3/5] x86/loader: read complete kernel
Date: Thu, 14 Nov 2024 12:00:59 +0100
Message-ID: <20241114110101.44322-4-kraxel@redhat.com>
In-Reply-To: <20241114110101.44322-1-kraxel@redhat.com>
References: <20241114110101.44322-1-kraxel@redhat.com>

Load the complete kernel (including setup) into memory. Excluding the setup is handled later when adding the FW_CFG_KERNEL_SIZE and FW_CFG_KERNEL_DATA entries.
This is a preparation for the next patch which adds a new fw_cfg file containing the complete, unpatched kernel. No functional change. Signed-off-by: Gerd Hoffmann Message-ID: <20240905141211.1253307-4-kraxel@redhat.com> --- hw/i386/x86-common.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index ee047308331a..d99bef983e37 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -893,7 +893,6 @@ void x86_load_linux(X86MachineState *x86ms, fprintf(stderr, "qemu: invalid kernel header\n"); exit(1); } - kernel_size -=3D setup_size; =20 setup =3D g_malloc(setup_size); kernel =3D g_malloc(kernel_size); @@ -902,6 +901,7 @@ void x86_load_linux(X86MachineState *x86ms, fprintf(stderr, "fread() failed\n"); exit(1); } + fseek(f, 0, SEEK_SET); if (fread(kernel, 1, kernel_size, f) !=3D kernel_size) { fprintf(stderr, "fread() failed\n"); exit(1); 
@@ -948,10 +948,11 @@ void x86_load_linux(X86MachineState *x86ms, } =20 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); - fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); - fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size); - sev_load_ctx.kernel_data =3D (char *)kernel; - sev_load_ctx.kernel_size =3D kernel_size; + fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size - setup_size); + fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, + kernel + setup_size, kernel_size - setup_size); + sev_load_ctx.kernel_data =3D (char *)kernel + setup_size; + sev_load_ctx.kernel_size =3D kernel_size - setup_size; =20 fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr); fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size); --=20 2.47.0
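Review bot: The `fseek(f, 0, SEEK_SET);` added in the `@@ -902,6 +901,7 @@` hunk ignores its return value, while the fread() calls on either side of it are checked and exit on failure. Check the result the same way (report the error and exit(1) when fseek() returns non-zero), so a failed seek is reported as such rather than surfacing, at best, as the generic "fread() failed" message that follows.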
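Review bot: In the `@@ -948,10 +948,11 @@` hunk the expressions `kernel_size - setup_size` and `kernel + setup_size` are written out separately for the fw_cfg entries and again for sev_load_ctx, which leaves room for the two consumers to drift apart in a later edit. Compute the payload pointer and length once in two locals and pass those to fw_cfg_add_i32(), fw_cfg_add_bytes() and the sev_load_ctx assignments.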
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Yanan Wang, Paolo Bonzini, Philippe Mathieu-Daudé, Zhao Liu, Marcel Apfelbaum, "Michael S. Tsirkin", Richard Henderson, Eduardo Habkost, Gerd Hoffmann
Subject: [PULL 4/5] x86/loader: expose unpatched kernel
Date: Thu, 14 Nov 2024 12:01:00 +0100
Message-ID: <20241114110101.44322-5-kraxel@redhat.com>
In-Reply-To: <20241114110101.44322-1-kraxel@redhat.com>
References: <20241114110101.44322-1-kraxel@redhat.com>

Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without the setup header patches.

Intended use is booting in UEFI with secure boot enabled, where the setup header patching breaks secure boot verification.

Needs OVMF changes too to be actually useful.

Signed-off-by: Gerd Hoffmann
Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
--- hw/i386/x86-common.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index d99bef983e37..ac91a3464603 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c
@@ -960,6 +960,9 @@ void x86_load_linux(X86MachineState *x86ms, sev_load_ctx.setup_data =3D (char *)setup; sev_load_ctx.setup_size =3D setup_size; =20 + /* kernel without setup header patches */ + fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size); + if (sev_enabled()) { sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal); } --=20 2.47.0
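Review bot: The new "etc/boot/kernel" file name enters the code in this hunk with only the one-line comment `/* kernel without setup header patches */`, and the diffstat shows no documentation change, so firmware authors have nowhere to learn the name or what the file holds. Document it alongside the existing fw_cfg entries, stating that it carries the complete image including the setup part and that it is added unconditionally at this point in x86_load_linux(), not only for UEFI guests.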
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Yanan Wang, Paolo Bonzini, Philippe Mathieu-Daudé, Zhao Liu, Marcel Apfelbaum, "Michael S. Tsirkin", Richard Henderson, Eduardo Habkost, Gerd Hoffmann
Subject: [PULL 5/5] x86/loader: add -shim option
Date: Thu, 14 Nov 2024 12:01:01 +0100
Message-ID: <20241114110101.44322-6-kraxel@redhat.com>
In-Reply-To: <20241114110101.44322-1-kraxel@redhat.com>
References: <20241114110101.44322-1-kraxel@redhat.com>

Add new -shim command line option, wire up for the x86 loader. When specified load shim into the new "etc/boot/shim" fw_cfg file.

Needs OVMF changes too to be actually useful.
Signed-off-by: Gerd Hoffmann Message-ID: <20240905141211.1253307-6-kraxel@redhat.com> --- include/hw/boards.h | 1 + hw/core/machine.c | 20 ++++++++++++++++++++ hw/i386/x86-common.c | 16 ++++++++++++++++ system/vl.c | 9 +++++++++ qemu-options.hx | 7 +++++++ 5 files changed, 53 insertions(+) diff --git a/include/hw/boards.h b/include/hw/boards.h index 36fbb9b59df8..a013e769b7bb 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -431,6 +431,7 @@ struct MachineState { BootConfiguration boot_config; char *kernel_filename; char *kernel_cmdline; + char *shim_filename; char *initrd_filename; const char *cpu_type; AccelState *accelerator; diff --git a/hw/core/machine.c b/hw/core/machine.c index a35c4a8faecb..0d837e4e6924 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -302,6 +302,21 @@ static void machine_set_kernel(Object *obj, const char= *value, Error **errp) ms->kernel_filename =3D g_strdup(value); } =20 +static char *machine_get_shim(Object *obj, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + return g_strdup(ms->shim_filename); +} + +static void machine_set_shim(Object *obj, const char *value, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + g_free(ms->shim_filename); + ms->shim_filename =3D g_strdup(value); +} + static char *machine_get_initrd(Object *obj, Error **errp) { MachineState *ms =3D MACHINE(obj); @@ -1071,6 +1086,11 @@ static void machine_class_init(ObjectClass *oc, void= *data) object_class_property_set_description(oc, "kernel", "Linux kernel image file"); =20 + object_class_property_add_str(oc, "shim", + machine_get_shim, machine_set_shim); + object_class_property_set_description(oc, "shim", + "shim.efi file"); + object_class_property_add_str(oc, "initrd", machine_get_initrd, machine_set_initrd); object_class_property_set_description(oc, "initrd", diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index ac91a3464603..a1a90f5f6e8e 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c 
@@ -963,6 +963,22 @@ void x86_load_linux(X86MachineState *x86ms, /* kernel without setup header patches */ fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size); =20 + if (machine->shim_filename) { + GMappedFile *mapped_file; + GError *gerr =3D NULL; + + mapped_file =3D g_mapped_file_new(machine->shim_filename, false, &= gerr); + if (!mapped_file) { + fprintf(stderr, "qemu: error reading shim %s: %s\n", + machine->shim_filename, gerr->message); + exit(1); + } + + fw_cfg_add_file(fw_cfg, "etc/boot/shim", + g_mapped_file_get_contents(mapped_file), + g_mapped_file_get_length(mapped_file)); + } + if (sev_enabled()) { sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal); } diff --git a/system/vl.c b/system/vl.c index 3bb8f2db9ac4..91926e09c735 100644 --- a/system/vl.c +++ b/system/vl.c @@ -2423,6 +2423,7 @@ static void configure_accelerators(const char *progna= me) static void qemu_validate_options(const QDict *machine_opts) { const char *kernel_filename =3D qdict_get_try_str(machine_opts, "kerne= l"); + const char *shim_filename =3D qdict_get_try_str(machine_opts, "shim"); const char *initrd_filename =3D qdict_get_try_str(machine_opts, "initr= d"); const char *kernel_cmdline =3D qdict_get_try_str(machine_opts, "append= "); =20 @@ -2432,6 +2433,11 @@ static void qemu_validate_options(const QDict *machi= ne_opts) exit(1); } =20 + if (shim_filename !=3D NULL) { + error_report("-shim only allowed with -kernel option"); + exit(1); + } + if (initrd_filename !=3D NULL) { error_report("-initrd only allowed with -kernel option"); exit(1); @@ -2914,6 +2920,9 @@ void qemu_init(int argc, char **argv) case QEMU_OPTION_kernel: qdict_put_str(machine_opts_dict, "kernel", optarg); break; + case QEMU_OPTION_shim: + qdict_put_str(machine_opts_dict, "shim", optarg); + break; case QEMU_OPTION_initrd: qdict_put_str(machine_opts_dict, "initrd", optarg); break; diff --git a/qemu-options.hx b/qemu-options.hx index dacc9790a4b8..cc694d3b890c 100644 --- a/qemu-options.hx 
+++ b/qemu-options.hx @@ -4145,6 +4145,13 @@ SRST or in multiboot format. ERST =20 +DEF("shim", HAS_ARG, QEMU_OPTION_shim, \ + "-shim shim.efi use 'shim.efi' to boot the kernel\n", QEMU_ARCH_ALL) +SRST +``-shim shim.efi`` + Use 'shim.efi' to boot the kernel +ERST + DEF("append", HAS_ARG, QEMU_OPTION_append, \ "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_AL= L) SRST --=20 2.47.0
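Review bot: In hw/core/machine.c, machine_set_shim() stores a g_strdup() copy in ms->shim_filename, but neither machine.c hunk releases it when the machine object is finalized. If the finalize path already frees kernel_filename and initrd_filename, add the matching g_free(ms->shim_filename) there so the new field follows the same ownership rule as its neighbours.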
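Review bot: In the hw/i386/x86-common.c hunk, the shim is published as "etc/boot/shim" immediately before the sev_enabled() block, yet none of the added lines hand it to sev_load_ctx and the diffstat touches no SEV code, so from what the patch shows the shim is not part of what sev_add_kernel_loader_hashes() covers. Please state in the commit message or a comment whether a shim outside those hashes is intended under SEV, or reject -shim when sev_enabled() is true. Two smaller points in the same block: the failure path uses fprintf(stderr, ...) with exit(1) where the system/vl.c hunk uses error_report(), and mapped_file is never unreferenced, which deserves a one-line comment if the mapping is deliberately kept alive for the lifetime of the fw_cfg entry.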
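Review bot: In qemu-options.hx, the DEF() for -shim is registered with QEMU_ARCH_ALL although the only consumer in this patch is x86_load_linux(), so on other targets the option is accepted together with -kernel and then has no effect. Either narrow the arch mask to x86 or have machines that do not support it reject a non-NULL shim_filename. The SRST text should also say that -shim requires -kernel, as qemu_validate_options() enforces, and that it depends on firmware that reads etc/boot/shim; the commit message mentions the OVMF dependency but the user documentation does not.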