Re: [PULL 3/7] x86/loader: expose unpatched kernel
From: Gerd Hoffmann
Subject: Re: [PULL 3/7] x86/loader: expose unpatched kernel
Date: Tue, 17 Dec 2024 15:26:35 +0100
On Tue, Dec 17, 2024 at 02:15:15PM +0000, Daniel P. Berrangé wrote:
> On Mon, Dec 16, 2024 at 11:50:49AM +0100, Gerd Hoffmann wrote:
> > Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
> > the setup header patches. Intended use is booting in UEFI with secure
> > boot enabled, where the setup header patching breaks secure boot
> > verification.
> >
> > Needs OVMF changes too to be actually useful.
> >
> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
> > ---
> > hw/i386/x86-common.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
> > index 28341b42d949..1cef3045ad83 100644
> > --- a/hw/i386/x86-common.c
> > +++ b/hw/i386/x86-common.c
> > @@ -962,6 +962,9 @@ void x86_load_linux(X86MachineState *x86ms,
> > sev_load_ctx.setup_data = (char *)setup;
> > sev_load_ctx.setup_size = setup_size;
> >
> > + /* kernel without setup header patches */
> > + fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
> > +
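Review bot: the comment above the added fw_cfg_add_file() call promises an image "without setup header patches", but nothing at the call site says what guarantees that. fw_cfg_add_file() keeps a reference to the buffer rather than copying it, so the comment should state that `kernel` must stay unmodified and allocated after this point, and, if the header patches are applied only to the separate `setup` buffer seen in the context lines, say so. Since "etc/boot/kernel" is a new guest-visible name and the diffstat shows only x86-common.c touched, a short description of the file's contents in the fw_cfg documentation would also help the firmware side that is expected to consume it.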
>
> How concerned should we be about the memory duplication overhead
> from loading the kernel image twice ?

It's not loaded twice, see 214191f6b574 ("x86/loader: read complete
kernel"), both fw_cfg entries point to the same memory block.

take care,
  Gerd