From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Eduardo Habkost, Richard Henderson, Marcel Apfelbaum, "Michael S. Tsirkin", Philippe Mathieu-Daudé, Paolo Bonzini, Yanan Wang, Gerd Hoffmann
Subject: [PATCH 1/5] vl: fix qemu_validate_options() indention
Date: Thu, 11 Apr 2024 11:48:25 +0200
Message-ID: <20240411094830.1337658-2-kraxel@redhat.com>

Signed-off-by: Gerd Hoffmann
--- system/vl.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/system/vl.c b/system/vl.c index c64422298245..0c6201c5bdc5 100644 --- a/system/vl.c +++ b/system/vl.c
@@ -2411,15 +2411,15 @@ static void qemu_validate_options(const QDict *mach= ine_opts) const char *kernel_cmdline =3D qdict_get_try_str(machine_opts, "append= "); =20 if (kernel_filename =3D=3D NULL) { - if (kernel_cmdline !=3D NULL) { - error_report("-append only allowed with -kernel option"); - exit(1); - } + if (kernel_cmdline !=3D NULL) { + error_report("-append only allowed with -kernel option"); + exit(1); + } =20 - if (initrd_filename !=3D NULL) { - error_report("-initrd only allowed with -kernel option"); - exit(1); - } + if (initrd_filename !=3D NULL) { + error_report("-initrd only allowed with -kernel option"); + exit(1); + } } =20 if (loadvm && incoming) { --=20 2.44.0
From: Gerd Hoffmann
Subject: [PATCH 2/5] x86/loader: only patch linux kernels
Date: Thu, 11 Apr 2024 11:48:26 +0200
Message-ID: <20240411094830.1337658-3-kraxel@redhat.com>

If the binary loaded via -kernel is *not* a linux kernel (in which case protocol == 0), do not patch the linux kernel header fields. It's (a) pointless and (b) might break binaries by random patching and (c) changes the binary hash which in turn breaks secure boot verification.

Background: OVMF happily loads and runs not only linux kernels but any efi binary via direct kernel boot.

Note: Breaking the secure boot verification is a problem for linux kernels too, but fixing that is left for another day ...

Signed-off-by: Gerd Hoffmann
--- hw/i386/x86.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index ffbda48917fd..765899eebe43 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c
@@ -1108,7 +1108,7 @@ void x86_load_linux(X86MachineState *x86ms, * kernel on the other side of the fw_cfg interface matches the hash o= f the * file the user passed in. */ - if (!sev_enabled()) { + if (!sev_enabled() && protocol > 0) { memcpy(setup, header, MIN(sizeof(header), setup_size)); } =20 --=20 2.44.0
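Review bot: The comment block directly above the changed condition in x86_load_linux() still explains only the SEV reason for skipping the memcpy (the hash of the file the user passed in), so the new `protocol > 0` term is undocumented at the point where a reader will look for it. Extend that comment to say that non-Linux binaries (protocol == 0, as the commit message puts it) are left unpatched because rewriting header fields there is pointless and changes the hash that secure boot verifies.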
From: Gerd Hoffmann
Subject: [PATCH 3/5] x86/loader: read complete kernel
Date: Thu, 11 Apr 2024 11:48:27 +0200
Message-ID: <20240411094830.1337658-4-kraxel@redhat.com>

Load the complete kernel (including setup) into memory. Excluding the setup is handled later when adding the FW_CFG_KERNEL_SIZE and FW_CFG_KERNEL_DATA entries.

This is a preparation for the next patch which adds a new fw_cfg file containing the complete, unpatched kernel.

No functional change.

Signed-off-by: Gerd Hoffmann --- hw/i386/x86.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 765899eebe43..6f75948b3021 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -1058,7 +1058,6 @@ void x86_load_linux(X86MachineState *x86ms, fprintf(stderr, "qemu: invalid kernel header\n"); exit(1); } - kernel_size -=3D setup_size; =20 setup =3D g_malloc(setup_size); kernel =3D g_malloc(kernel_size); @@ -1067,6 +1066,7 @@ void x86_load_linux(X86MachineState *x86ms, fprintf(stderr, "fread() failed\n"); exit(1); } + fseek(f, 0, SEEK_SET); if (fread(kernel, 1, kernel_size, f) !=3D kernel_size) { fprintf(stderr, "fread() failed\n"); exit(1); 
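Review bot: The added `fseek(f, 0, SEEK_SET);` in the second hunk ignores its return value, while the fread() calls on either side of it are checked and exit on failure. Check the seek as well and report it as a seek failure, for example `if (fseek(f, 0, SEEK_SET) != 0) { ... exit(1); }`, so that a failed rewind is not left to the following fread() length check and its unrelated "fread() failed" message.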
@@ -1113,10 +1113,11 @@ void x86_load_linux(X86MachineState *x86ms, } =20 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); - fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); - fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size); - sev_load_ctx.kernel_data =3D (char *)kernel; - sev_load_ctx.kernel_size =3D kernel_size; + fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size - setup_size); + fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, + kernel + setup_size, kernel_size - setup_size); + sev_load_ctx.kernel_data =3D (char *)kernel + setup_size; + sev_load_ctx.kernel_size =3D kernel_size - setup_size; =20 fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr); fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size); --=20 2.44.0
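Review bot: `kernel_size - setup_size` is now spelled out four times in this hunk and the `kernel + setup_size` offset twice, feeding both the fw_cfg entries and sev_load_ctx. Compute the payload pointer and length once into locals and use them in all four places, so the size the guest reads and the size handed to the SEV hash context cannot drift apart in a later edit. Since the subtraction has moved away from the "invalid kernel header" check in the first hunk, a one-line comment here stating that setup_size cannot exceed kernel_size at this point would also help, if that check is what guarantees it.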
From: Gerd Hoffmann
Subject: [PATCH 4/5] x86/loader: expose unpatched kernel
Date: Thu, 11 Apr 2024 11:48:28 +0200
Message-ID: <20240411094830.1337658-5-kraxel@redhat.com>

Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without the setup header patches. Intended use is booting in UEFI with secure boot enabled, where the setup header patching breaks secure boot verification.

Needs OVMF changes too to be actually useful.

Signed-off-by: Gerd Hoffmann --- hw/i386/x86.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 6f75948b3021..6724e408e576 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c 
@@ -1125,6 +1125,9 @@ void x86_load_linux(X86MachineState *x86ms, sev_load_ctx.setup_data =3D (char *)setup; sev_load_ctx.setup_size =3D setup_size; =20 + /* kernel without setup header patches */ + fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size); + if (sev_enabled()) { sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal); } --=20 2.44.0
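Review bot: The new `fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);` call is unconditional and sits just before the `sev_enabled()` block, but sev_load_ctx is not told about the extra blob, so under SEV the guest gets a second copy of the kernel that sev_add_kernel_loader_hashes() does not cover as far as these lines show. Please state in the comment or the commit message whether the file is meant to be exposed when SEV is enabled, and gate it if not. The new file name should also be documented wherever the project lists its fw_cfg entries, since firmware has to match the string exactly.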
From: Gerd Hoffmann
Subject: [PATCH 5/5] x86/loader: add -shim option
Date: Thu, 11 Apr 2024 11:48:29 +0200
Message-ID: <20240411094830.1337658-6-kraxel@redhat.com>

Add new -shim command line option, wire up for the x86 loader. When specified load shim into the new "etc/boot/shim" fw_cfg file.

Needs OVMF changes too to be actually useful.

Signed-off-by: Gerd Hoffmann --- include/hw/boards.h | 1 + hw/core/machine.c | 20 ++++++++++++++++++++ hw/i386/x86.c | 16 ++++++++++++++++ system/vl.c | 9 +++++++++ qemu-options.hx | 7 +++++++ 5 files changed, 53 insertions(+) diff --git a/include/hw/boards.h b/include/hw/boards.h index 8b8f6d5c00d3..37da417cb029 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -399,6 +399,7 @@ struct MachineState { BootConfiguration boot_config; char *kernel_filename; char *kernel_cmdline; + char *shim_filename; char *initrd_filename; const char *cpu_type; AccelState *accelerator; diff --git a/hw/core/machine.c b/hw/core/machine.c index 37ede0e7d4fd..f27f6ae8e199 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -313,6 +313,21 @@ static void machine_set_kernel(Object *obj, const char= *value, Error **errp) ms->kernel_filename =3D g_strdup(value); } =20 +static char *machine_get_shim(Object *obj, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + return g_strdup(ms->shim_filename); +} + +static void machine_set_shim(Object *obj, const char *value, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + g_free(ms->shim_filename); + ms->shim_filename =3D g_strdup(value); +} + static char *machine_get_initrd(Object *obj, Error **errp) { MachineState *ms =3D MACHINE(obj); @@ -988,6 +1003,11 @@ static void machine_class_init(ObjectClass *oc, void = *data) object_class_property_set_description(oc, "kernel", "Linux kernel image file"); =20 + object_class_property_add_str(oc, "shim", + machine_get_shim, machine_set_shim); + object_class_property_set_description(oc, "shim", + "shim.efi file"); + object_class_property_add_str(oc, "initrd", machine_get_initrd, machine_set_initrd); object_class_property_set_description(oc, "initrd", diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 6724e408e576..3e95f196fb40 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c 
@@ -1128,6 +1128,22 @@ void x86_load_linux(X86MachineState *x86ms, /* kernel without setup header patches */ fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size); =20 + if (machine->shim_filename) { + GMappedFile *mapped_file; + GError *gerr =3D NULL; + + mapped_file =3D g_mapped_file_new(machine->shim_filename, false, &= gerr); + if (!mapped_file) { + fprintf(stderr, "qemu: error reading shim %s: %s\n", + machine->shim_filename, gerr->message); + exit(1); + } + + fw_cfg_add_file(fw_cfg, "etc/boot/shim", + g_mapped_file_get_contents(mapped_file), + g_mapped_file_get_length(mapped_file)); + } + if (sev_enabled()) { sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal); } diff --git a/system/vl.c b/system/vl.c index 0c6201c5bdc5..4df42ba8c7a6 100644 --- a/system/vl.c +++ b/system/vl.c @@ -2407,6 +2407,7 @@ static void configure_accelerators(const char *progna= me) static void qemu_validate_options(const QDict *machine_opts) { const char *kernel_filename =3D qdict_get_try_str(machine_opts, "kerne= l"); + const char *shim_filename =3D qdict_get_try_str(machine_opts, "shim"); const char *initrd_filename =3D qdict_get_try_str(machine_opts, "initr= d"); const char *kernel_cmdline =3D qdict_get_try_str(machine_opts, "append= "); =20 @@ -2416,6 +2417,11 @@ static void qemu_validate_options(const QDict *machi= ne_opts) exit(1); } =20 + if (shim_filename !=3D NULL) { + error_report("-shim only allowed with -kernel option"); + exit(1); + } + if (initrd_filename !=3D NULL) { error_report("-initrd only allowed with -kernel option"); exit(1); @@ -2908,6 +2914,9 @@ void qemu_init(int argc, char **argv) case QEMU_OPTION_kernel: qdict_put_str(machine_opts_dict, "kernel", optarg); break; + case QEMU_OPTION_shim: + qdict_put_str(machine_opts_dict, "shim", optarg); + break; case QEMU_OPTION_initrd: qdict_put_str(machine_opts_dict, "initrd", optarg); break; diff --git a/qemu-options.hx b/qemu-options.hx index 8ce85d45598d..b5151857afe5 100644 --- a/qemu-options.hx 
+++ b/qemu-options.hx @@ -4002,6 +4002,13 @@ SRST or in multiboot format. ERST =20 +DEF("shim", HAS_ARG, QEMU_OPTION_shim, \ + "-shim shim.efi use 'shim.efi' to boot the kernel\n", QEMU_ARCH_ALL) +SRST +``-shim shim.efi`` + Use 'shim.efi' to boot the kernel +ERST + DEF("append", HAS_ARG, QEMU_OPTION_append, \ "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_AL= L) SRST --=20 2.44.0
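Review bot: in the hw/core/machine.c hunk that adds machine_set_shim(), ms->shim_filename is allocated with g_strdup() but no hunk in this patch releases it when the machine object is torn down. The setter frees the previous value on reassignment, so the only missing piece is a g_free(ms->shim_filename) next to the frees of kernel_filename and initrd_filename in machine_finalize(). Please add it so the new string follows the same lifetime as the other boot filename properties.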
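Review bot: in the hw/i386/x86.c hunk, the shim image is published as "etc/boot/shim" immediately before the sev_enabled() branch, but nothing in the hunk adds it to sev_load_ctx, so sev_add_kernel_loader_hashes() will not cover the shim. With SEV measured direct boot, the guest firmware would then be handed a shim binary that the launch measurement does not account for. Either extend the hashed set to include the shim, or reject -shim when kernel hashes are in use, and say which in the commit message. Two smaller points in the same hunk: the failure path uses fprintf(stderr, ...) plus exit(1), where error_report() (as used in the system/vl.c hunk of this patch) would be consistent; and mapped_file is never unreferenced, which looks intentional because fw_cfg_add_file() keeps pointing at the mapping, but that deserves a one-line comment so nobody "fixes" it later with g_mapped_file_unref().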
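Review bot: in the qemu-options.hx hunk, the option is declared with QEMU_ARCH_ALL while the only consumer added by this patch is x86_load_linux(), so on every other target -shim would be accepted together with -kernel and then silently ignored. Either restrict the DEF() to the architectures that implement it or have the other loaders report an error. The SRST text "Use 'shim.efi' to boot the kernel" also leaves out what a user needs to know: that the option is only valid with -kernel (enforced in qemu_validate_options()), that the file is exposed to the guest firmware as the "etc/boot/shim" fw_cfg file, and that firmware support is required (the commit message mentions OVMF changes). Please document those three points here.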