[PULL 3/7] x86/loader: expose unpatched kernel
From: Gerd Hoffmann
Subject: [PULL 3/7] x86/loader: expose unpatched kernel
Date: Mon, 16 Dec 2024 11:50:49 +0100
Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
the setup header patches. Intended use is booting in UEFI with secure
boot enabled, where the setup header patching breaks secure boot
verification.
Needs OVMF changes too to be actually useful.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
---
hw/i386/x86-common.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index 28341b42d949..1cef3045ad83 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -962,6 +962,9 @@ void x86_load_linux(X86MachineState *x86ms,
sev_load_ctx.setup_data = (char *)setup;
sev_load_ctx.setup_size = setup_size;
+ /* kernel without setup header patches */
+ fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
+
if (sev_enabled()) {
sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);
}
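Review bot: the fw_cfg_add_file() call sits ahead of the sev_enabled() block and runs unconditionally, so every guest loaded through x86_load_linux gets a second copy of the kernel under "etc/boot/kernel", including SEV guests whose loader hashes are computed right after it from sev_load_ctx. The visible lines only show setup_data and setup_size being set on that context and do not show whether the hashes also cover this unpatched image, so the comment should state which copy the firmware is expected to verify in the SEV case, or the new file should be gated on the secure boot use case named in the commit message. The comment could also record that kernel has to stay allocated and unmodified for the lifetime of the entry, since fw_cfg_add_file() keeps the pointer rather than copying the data, and the new file name deserves an entry in the fw_cfg documentation so firmware authors can find it.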
--
2.47.1