Re: [PATCH 2/5] x86/loader: only patch linux kernels
From: Michael Tokarev
Subject: Re: [PATCH 2/5] x86/loader: only patch linux kernels
Date: Tue, 17 Dec 2024 14:09:30 +0300
User-agent: Mozilla Thunderbird
11.04.2024 12:48, Gerd Hoffmann wrote:
If the binary loaded via -kernel is *not* a linux kernel (in which
case protocol == 0), do not patch the linux kernel header fields.
It's (a) pointless and (b) might break binaries by random patching
and (c) changes the binary hash which in turn breaks secure boot
verification.
Background: OVMF happily loads and runs not only linux kernels but
any efi binary via direct kernel boot.
Note: Breaking the secure boot verification is a problem for linux
kernels too, but fixing that is left for another day ...
Shouldn't this one be picked up for -stable?
Thanks,
/mjt
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/i386/x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index ffbda48917fd..765899eebe43 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -1108,7 +1108,7 @@ void x86_load_linux(X86MachineState *x86ms,
* kernel on the other side of the fw_cfg interface matches the hash of
the
* file the user passed in.
*/
- if (!sev_enabled()) {
+ if (!sev_enabled() && protocol > 0) {
memcpy(setup, header, MIN(sizeof(header), setup_size));
}
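Review bot: the new `protocol > 0` clause on the changed `if` is not covered by the comment visible above it, which only talks about the kernel hash seen through the fw_cfg interface matching the file the user passed in. Please extend that comment with a line saying that protocol == 0 means the binary is not a linux kernel and that its header bytes must be left unmodified, so the reason for the second condition stays in the code and not only in the commit message. It would also help to state there that linux kernels are still patched on this path, since the commit message says that case is left for later.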
--
GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98
ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0
8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt
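The behaviour discussed in this thread, as an added example that is not part of the original mail or of QEMU's code: an image is treated as a linux kernel only if it carries the setup header magic, and leaving every other image unpatched keeps its digest intact. The offsets 0x202, 0x206 and 0x210 come from the Linux/x86 boot protocol rather than from this thread; the function names, the FNV-1a stand-in for a real digest, the loader id value and the sample images are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDRS_OFF   0x202  /* "HdrS" magic of the Linux/x86 setup header */
#define PROTO_OFF  0x206  /* boot protocol version, little-endian u16 */
#define LOADER_OFF 0x210  /* type_of_loader, a field the loader writes */

/* Boot protocol version, or 0 when the image is not a linux kernel. */
static uint16_t boot_protocol(const uint8_t *img, size_t len) {
    if (len <= LOADER_OFF || memcmp(img + HDRS_OFF, "HdrS", 4) != 0)
        return 0;
    return (uint16_t)(img[PROTO_OFF] | (img[PROTO_OFF + 1] << 8));
}

/* FNV-1a, standing in for the digest a verifier computes over the image. */
static uint64_t digest(const uint8_t *p, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    while (len--)
        h = (h ^ *p++) * 0x100000001b3ULL;
    return h;
}

/* Patch the header only for linux kernels; 1 if the digest is unchanged. */
static int load_preserves_digest(uint8_t *img, size_t len) {
    uint64_t before = digest(img, len);
    if (boot_protocol(img, len) > 0)
        img[LOADER_OFF] = 0xB0;  /* illustrative loader id (assumption) */
    return digest(img, len) == before;
}

/* Constructed sample: zeroed image, optionally carrying a setup header. */
static void make_sample(uint8_t *img, size_t len, int is_linux) {
    memset(img, 0, len);
    if (is_linux) {
        memcpy(img + HDRS_OFF, "HdrS", 4);
        img[PROTO_OFF] = 0x0f; img[PROTO_OFF + 1] = 0x02;  /* 2.15 */
    }
}

int main(void) {
    uint8_t efi[1024], lin[1024];
    make_sample(efi, sizeof efi, 0);
    make_sample(lin, sizeof lin, 1);
    /* exit 0 when the non-linux image is untouched and the kernel is patched */
    return !(load_preserves_digest(efi, sizeof efi) &&
             !load_preserves_digest(lin, sizeof lin));
}
```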