From: Zhuoying Cai <zycai@linux.ibm.com>
To: thuth@redhat.com, richard.henderson@linaro.org, david@redhat.com,
pbonzini@redhat.com
Cc: walling@linux.ibm.com, jjherne@linux.ibm.com,
jrossi@linux.ibm.com, fiuczy@linux.ibm.com, pasic@linux.ibm.com,
borntraeger@linux.ibm.com, farman@linux.ibm.com,
iii@linux.ibm.com, qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
zycai@linux.ibm.com
Subject: [PATCH v2 15/25] pc-bios/s390-ccw: Refactor zipl_run()
Date: Thu, 8 May 2025 18:50:31 -0400 [thread overview]
Message-ID: <20250508225042.313672-16-zycai@linux.ibm.com> (raw)
In-Reply-To: <20250508225042.313672-1-zycai@linux.ibm.com>
Refactor to enhance readability before enabling secure IPL in later
patches.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
pc-bios/s390-ccw/bootmap.c | 58 ++++++++++++++++++++++----------------
1 file changed, 34 insertions(+), 24 deletions(-)
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index 0f8baa0198..485b55f1bf 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -674,6 +674,38 @@ static int zipl_load_segment(ComponentEntry *entry)
return 0;
}
+static int zipl_run_normal(ComponentEntry *entry, uint8_t *tmp_sec)
+{
+ while (entry->component_type == ZIPL_COMP_ENTRY_LOAD ||
+ entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
+
+ /* Secure boot is off, so we skip signature entries */
+ if (entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
+ entry++;
+ continue;
+ }
+
+ if (zipl_load_segment(entry)) {
+ return -1;
+ }
+
+ entry++;
+
+ if ((uint8_t *)(&entry[1]) > (tmp_sec + MAX_SECTOR_SIZE)) {
+ puts("Wrong entry value");
+ return -EINVAL;
+ }
+ }
+
+ if (entry->component_type != ZIPL_COMP_ENTRY_EXEC) {
+ puts("No EXEC entry");
+ return -EINVAL;
+ }
+
+ write_reset_psw(entry->compdat.load_psw);
+ return 0;
+}
+
/* Run a zipl program */
static int zipl_run(ScsiBlockPtr *pte)
{
@@ -700,34 +732,12 @@ static int zipl_run(ScsiBlockPtr *pte)
/* Load image(s) into RAM */
entry = (ComponentEntry *)(&header[1]);
- while (entry->component_type == ZIPL_COMP_ENTRY_LOAD ||
- entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
-
- /* We don't support secure boot yet, so we skip signature entries */
- if (entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
- entry++;
- continue;
- }
-
- if (zipl_load_segment(entry)) {
- return -1;
- }
- entry++;
-
- if ((uint8_t *)(&entry[1]) > (tmp_sec + MAX_SECTOR_SIZE)) {
- puts("Wrong entry value");
- return -EINVAL;
- }
- }
-
- if (entry->component_type != ZIPL_COMP_ENTRY_EXEC) {
- puts("No EXEC entry");
- return -EINVAL;
+ if (zipl_run_normal(entry, tmp_sec)) {
+ return -1;
}
/* should not return */
- write_reset_psw(entry->compdat.load_psw);
jump_to_IPL_code(0);
return -1;
}
--
2.49.0
next prev parent reply other threads:[~2025-05-08 22:53 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-08 22:50 [PATCH v2 00/25] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 01/25] Add -boot-certificates to s390-ccw-virtio machine type option Zhuoying Cai
2025-05-13 14:58 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 02/25] hw/s390x/ipl: Create certificate store Zhuoying Cai
2025-05-14 5:43 ` Thomas Huth
2025-05-29 18:49 ` Zhuoying Cai
2025-05-14 9:03 ` Daniel P. Berrangé
2025-05-29 17:51 ` Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 03/25] s390x: Guest support for Certificate Store Facility (CS) Zhuoying Cai
2025-05-14 6:11 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 04/25] s390x/diag: Introduce DIAG 320 for certificate store facility Zhuoying Cai
2025-05-14 8:17 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 05/25] s390x/diag: Refactor address validation check from diag308_parm_check Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 06/25] s390x/diag: Implement DIAG 320 subcode 1 Zhuoying Cai
2025-05-14 15:32 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 07/25] s390x/diag: Implement DIAG 320 subcode 2 Zhuoying Cai
2025-05-14 16:18 ` Thomas Huth
2025-05-29 19:09 ` Zhuoying Cai
2025-05-30 6:38 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 08/25] s390x/diag: Introduce DIAG 508 for secure IPL operations Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 09/25] s390x/diag: Implement DIAG 508 subcode 1 for signature verification Zhuoying Cai
2025-05-20 6:11 ` Thomas Huth
2025-05-20 8:16 ` Daniel P. Berrangé
2025-05-08 22:50 ` [PATCH v2 10/25] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB) Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 11/25] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers Zhuoying Cai
2025-05-20 9:24 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 12/25] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 13/25] hw/s390x/ipl: Set iplb->len to maximum length of " Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 14/25] s390x: Guest support for Secure-IPL Facility Zhuoying Cai
2025-05-08 22:50 ` Zhuoying Cai [this message]
2025-05-20 9:29 ` [PATCH v2 15/25] pc-bios/s390-ccw: Refactor zipl_run() Thomas Huth
2025-05-08 22:50 ` [PATCH v2 16/25] pc-bios/s390-ccw: Refactor zipl_load_segment function Zhuoying Cai
2025-05-20 9:39 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 17/25] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
2025-05-20 10:25 ` Thomas Huth
2025-05-29 19:28 ` Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 18/25] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF) Zhuoying Cai
2025-05-26 14:46 ` Hendrik Brueckner
2025-05-08 22:50 ` [PATCH v2 19/25] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 20/25] Add -secure-boot to s390-ccw-virtio machine type option Zhuoying Cai
2025-05-21 12:14 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 21/25] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
2025-05-21 12:20 ` Thomas Huth
2025-05-08 22:50 ` [PATCH v2 22/25] pc-bios/s390-ccw: Handle true secure IPL mode Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 23/25] pc-bios/s390-ccw: Handle secure boot with multiple boot devices Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 24/25] hw/s390x/ipl: Handle secure boot without specifying a boot device Zhuoying Cai
2025-05-08 22:50 ` [PATCH v2 25/25] docs/system/s390x: Add secure IPL documentation Zhuoying Cai
2025-05-21 12:37 ` Thomas Huth
2025-05-23 20:28 ` Collin Walling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250508225042.313672-16-zycai@linux.ibm.com \
--to=zycai@linux.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=david@redhat.com \
--cc=farman@linux.ibm.com \
--cc=fiuczy@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=jjherne@linux.ibm.com \
--cc=jrossi@linux.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
--cc=walling@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.