From: "Michael S. Tsirkin" <mst@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org, "Eduardo Habkost" <eduardo@habkost.net>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Yanan Wang" <wangyanan55@huawei.com>
Subject: Re: [PATCH 4/5] x86/loader: expose unpatched kernel
Date: Sun, 2 Jun 2024 09:26:09 -0400 [thread overview]
Message-ID: <20240602092541-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20240411094830.1337658-5-kraxel@redhat.com>
On Thu, Apr 11, 2024 at 11:48:28AM +0200, Gerd Hoffmann wrote:
> Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
> the setup header patches. Intended use is booting in UEFI with secure
> boot enabled, where the setup header patching breaks secure boot
> verification.
>
> Needs OVMF changes too to be actually useful.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
So given we have this, do we still need patch 2?
> ---
> hw/i386/x86.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/hw/i386/x86.c b/hw/i386/x86.c
> index 6f75948b3021..6724e408e576 100644
> --- a/hw/i386/x86.c
> +++ b/hw/i386/x86.c
> @@ -1125,6 +1125,9 @@ void x86_load_linux(X86MachineState *x86ms,
> sev_load_ctx.setup_data = (char *)setup;
> sev_load_ctx.setup_size = setup_size;
>
> + /* kernel without setup header patches */
> + fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
> +
> if (sev_enabled()) {
> sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);
> }
> --
> 2.44.0
next prev parent reply other threads:[~2024-06-02 13:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-11 9:48 [PATCH 0/5] x86/loader: secure boot support for direct kernel load Gerd Hoffmann
2024-04-11 9:48 ` [PATCH 1/5] vl: fix qemu_validate_options() indention Gerd Hoffmann
2024-11-18 12:35 ` Philippe Mathieu-Daudé
2024-04-11 9:48 ` [PATCH 2/5] x86/loader: only patch linux kernels Gerd Hoffmann
2024-12-17 11:09 ` Michael Tokarev
2024-12-17 14:12 ` Gerd Hoffmann
2024-04-11 9:48 ` [PATCH 3/5] x86/loader: read complete kernel Gerd Hoffmann
2024-04-11 9:48 ` [PATCH 4/5] x86/loader: expose unpatched kernel Gerd Hoffmann
2024-06-02 13:26 ` Michael S. Tsirkin [this message]
2024-06-03 9:00 ` Gerd Hoffmann
2024-04-11 9:48 ` [PATCH 5/5] x86/loader: add -shim option Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240602092541-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=eduardo@habkost.net \
--cc=kraxel@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=pbonzini@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=wangyanan55@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.