From: Alexander Graf <agraf@csgraf.de>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Eduardo Habkost <ehabkost@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
Cameron Esfahani <dirty@apple.com>,
Roman Bolshakov <r.bolshakov@yadro.com>,
qemu-arm@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 1/8] hvf: Add hypervisor entitlement to output binaries
Date: Thu, 26 Nov 2020 22:50:10 +0100 [thread overview]
Message-ID: <20201126215017.41156-2-agraf@csgraf.de> (raw)
In-Reply-To: <20201126215017.41156-1-agraf@csgraf.de>
In macOS 11, QEMU only gets access to Hypervisor.framework if it has the
respective entitlement. Add an entitlement template and automatically self
sign and apply the entitlement in the build.
Signed-off-by: Alexander Graf <agraf@csgraf.de>
---
accel/hvf/entitlements.plist | 8 ++++++++
meson.build | 30 ++++++++++++++++++++++++++----
scripts/entitlement.sh | 11 +++++++++++
3 files changed, 45 insertions(+), 4 deletions(-)
create mode 100644 accel/hvf/entitlements.plist
create mode 100755 scripts/entitlement.sh
diff --git a/accel/hvf/entitlements.plist b/accel/hvf/entitlements.plist
new file mode 100644
index 0000000000..154f3308ef
--- /dev/null
+++ b/accel/hvf/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>com.apple.security.hypervisor</key>
+ <true/>
+</dict>
+</plist>
diff --git a/meson.build b/meson.build
index 5062407c70..2a7ff5560c 100644
--- a/meson.build
+++ b/meson.build
@@ -1844,9 +1844,14 @@ foreach target : target_dirs
}]
endif
foreach exe: execs
- emulators += {exe['name']:
- executable(exe['name'], exe['sources'],
- install: true,
+ exe_name = exe['name']
+ exe_sign = 'CONFIG_HVF' in config_target
+ if exe_sign
+ exe_name += '-unsigned'
+ endif
+
+ emulator = executable(exe_name, exe['sources'],
+ install: not exe_sign,
c_args: c_args,
dependencies: arch_deps + deps + exe['dependencies'],
objects: lib.extract_all_objects(recursive: true),
@@ -1854,7 +1859,24 @@ foreach target : target_dirs
link_depends: [block_syms, qemu_syms] + exe.get('link_depends', []),
link_args: link_args,
gui_app: exe['gui'])
- }
+
+ if exe_sign
+ exe_full = meson.current_build_dir() / exe['name']
+ emulators += {exe['name'] : custom_target(exe['name'],
+ install: true,
+ install_dir: get_option('bindir'),
+ depends: emulator,
+ output: exe['name'],
+ command: [
+ meson.current_source_dir() / 'scripts/entitlement.sh',
+ meson.current_build_dir() / exe['name'] + '-unsigned',
+ meson.current_build_dir() / exe['name'],
+ meson.current_source_dir() / 'accel/hvf/entitlements.plist'
+ ])
+ }
+ else
+ emulators += {exe['name']: emulator}
+ endif
if 'CONFIG_TRACE_SYSTEMTAP' in config_host
foreach stp: [
diff --git a/scripts/entitlement.sh b/scripts/entitlement.sh
new file mode 100755
index 0000000000..7ed9590bf9
--- /dev/null
+++ b/scripts/entitlement.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+#
+# Helper script for the build process to apply entitlements
+
+SRC="$1"
+DST="$2"
+ENTITLEMENT="$3"
+
+rm -f "$2"
+cp -a "$SRC" "$DST"
+codesign --entitlements "$ENTITLEMENT" --force -s - "$DST"
--
2.24.3 (Apple Git-128)
next prev parent reply other threads:[~2020-11-26 21:51 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-26 21:50 [PATCH 0/8] hvf: Implement Apple Silicon Support Alexander Graf
2020-11-26 21:50 ` Alexander Graf [this message]
2020-11-27 4:54 ` [PATCH 1/8] hvf: Add hypervisor entitlement to output binaries Paolo Bonzini
2020-11-27 19:44 ` Roman Bolshakov
2020-11-27 21:17 ` Paolo Bonzini
2020-11-27 21:51 ` Alexander Graf
2020-11-26 21:50 ` [PATCH 2/8] hvf: Move common code out Alexander Graf
2020-11-27 20:00 ` Roman Bolshakov
2020-11-27 21:55 ` Alexander Graf
2020-11-27 23:30 ` Frank Yang
2020-11-30 20:15 ` Frank Yang
2020-11-30 20:33 ` Alexander Graf
2020-11-30 20:55 ` Frank Yang
2020-11-30 21:08 ` Peter Collingbourne
2020-11-30 21:40 ` Alexander Graf
2020-11-30 23:01 ` Peter Collingbourne
2020-11-30 23:18 ` Alexander Graf
2020-12-01 0:00 ` Peter Collingbourne
2020-12-01 0:13 ` Alexander Graf
2020-12-01 8:21 ` [PATCH] arm/hvf: Optimize and simplify WFI handling Peter Collingbourne via
2020-12-01 11:16 ` Alexander Graf
2020-12-01 18:59 ` Peter Collingbourne
2020-12-01 22:03 ` Alexander Graf
2020-12-02 1:19 ` Peter Collingbourne
2020-12-02 1:53 ` Alexander Graf
2020-12-02 4:44 ` Peter Collingbourne
2020-12-03 10:12 ` Roman Bolshakov
2020-12-03 18:30 ` Peter Collingbourne
2020-12-01 16:26 ` Alexander Graf
2020-12-01 20:03 ` Peter Collingbourne
2020-12-01 22:09 ` Alexander Graf
2020-12-01 23:13 ` Alexander Graf
2020-12-02 0:52 ` Peter Collingbourne
2020-12-03 9:41 ` [PATCH 2/8] hvf: Move common code out Roman Bolshakov
2020-12-03 18:42 ` Peter Collingbourne
2020-12-03 22:13 ` Alexander Graf
2020-12-03 23:04 ` Roman Bolshakov
2020-12-01 0:37 ` Roman Bolshakov
2020-11-30 22:10 ` Peter Maydell
2020-12-01 2:49 ` Frank Yang
2020-11-30 22:46 ` Peter Collingbourne
2020-11-26 21:50 ` [PATCH 3/8] arm: Set PSCI to 0.2 for HVF Alexander Graf
2020-11-26 21:50 ` [PATCH 4/8] arm: Synchronize CPU on PSCI on Alexander Graf
2020-11-26 21:50 ` [PATCH 5/8] hvf: Add Apple Silicon support Alexander Graf
2020-11-26 21:50 ` [PATCH 6/8] hvf: Use OS provided vcpu kick function Alexander Graf
2020-11-26 22:18 ` Eduardo Habkost
2020-11-30 2:42 ` Alexander Graf
2020-11-30 7:45 ` Claudio Fontana
2020-11-26 21:50 ` [PATCH 7/8] arm: Add Hypervisor.framework build target Alexander Graf
2020-11-27 4:59 ` Paolo Bonzini
2020-11-26 21:50 ` [PATCH 8/8] hw/arm/virt: Disable highmem when on hypervisor.framework Alexander Graf
2020-11-26 22:14 ` Eduardo Habkost
2020-11-26 22:29 ` Peter Maydell
2020-11-27 16:26 ` Eduardo Habkost
2020-11-27 16:38 ` Peter Maydell
2020-11-27 16:47 ` Eduardo Habkost
2020-11-27 16:53 ` Peter Maydell
2020-11-27 17:17 ` Eduardo Habkost
2020-11-27 18:16 ` Peter Maydell
2020-11-27 18:20 ` Eduardo Habkost
2020-11-27 16:47 ` Peter Maydell
2020-11-30 2:40 ` Alexander Graf
2020-11-26 22:10 ` [PATCH 0/8] hvf: Implement Apple Silicon Support Eduardo Habkost
2020-11-27 17:48 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201126215017.41156-2-agraf@csgraf.de \
--to=agraf@csgraf.de \
--cc=dirty@apple.com \
--cc=ehabkost@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=r.bolshakov@yadro.com \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).