[PULL 1/7] x86/loader: only patch linux kernels
From: Gerd Hoffmann
Subject: [PULL 1/7] x86/loader: only patch linux kernels
Date: Mon, 16 Dec 2024 11:50:47 +0100
If the binary loaded via -kernel is *not* a linux kernel (in which
case protocol == 0), do not patch the linux kernel header fields.
It's (a) pointless and (b) might break binaries by random patching
and (c) changes the binary hash which in turn breaks secure boot
verification.
Background: OVMF happily loads and runs not only linux kernels but
any efi binary via direct kernel boot.
Note: Breaking the secure boot verification is a problem for linux
kernels too, but fixing that is left for another day ...
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240905141211.1253307-3-kraxel@redhat.com>
---
hw/i386/x86-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index dc031af66217..dadc9d99e78f 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -945,7 +945,7 @@ void x86_load_linux(X86MachineState *x86ms,
* kernel on the other side of the fw_cfg interface matches the hash of the
* file the user passed in.
*/
- if (!sev_enabled()) {
+ if (!sev_enabled() && protocol > 0) {
memcpy(setup, header, MIN(sizeof(header), setup_size));
}
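Review bot: The comment directly above the changed condition in x86_load_linux() still gives only the hash-matching reason for skipping the memcpy, so the new `protocol > 0` clause is undocumented in the code itself. Consider extending that comment with a sentence saying that protocol == 0 means the -kernel binary is not a Linux kernel and that its setup header must be left unmodified, which is what the commit message explains. Since the commit message phrases the non-Linux case as protocol == 0, writing the test as `protocol != 0` would mirror it more directly, provided protocol cannot be negative (its type is not visible in this hunk).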
--
2.47.1