Re: [PULL 3/7] x86/loader: expose unpatched kernel
From: Daniel P. Berrangé
Subject: Re: [PULL 3/7] x86/loader: expose unpatched kernel
Date: Tue, 17 Dec 2024 14:28:40 +0000
User-agent: Mutt/2.2.13 (2024-03-09)
On Tue, Dec 17, 2024 at 03:26:35PM +0100, Gerd Hoffmann wrote:
> On Tue, Dec 17, 2024 at 02:15:15PM +0000, Daniel P. Berrangé wrote:
> > On Mon, Dec 16, 2024 at 11:50:49AM +0100, Gerd Hoffmann wrote:
> > > Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
> > > the setup header patches. Intended use is booting in UEFI with secure
> > > boot enabled, where the setup header patching breaks secure boot
> > > verification.
> > >
> > > Needs OVMF changes too to be actually useful.
> > >
> > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > > Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
> > > ---
> > > hw/i386/x86-common.c | 3 +++
> > > 1 file changed, 3 insertions(+)
> > >
> > > diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
> > > index 28341b42d949..1cef3045ad83 100644
> > > --- a/hw/i386/x86-common.c
> > > +++ b/hw/i386/x86-common.c
> > > @@ -962,6 +962,9 @@ void x86_load_linux(X86MachineState *x86ms,
> > > sev_load_ctx.setup_data = (char *)setup;
> > > sev_load_ctx.setup_size = setup_size;
> > >
> > > + /* kernel without setup header patches */
> > > + fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
> > > +
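Review bot: the comment on the added fw_cfg_add_file() call says what the blob is, but not that `kernel` is handed to fw_cfg by pointer rather than copied. The "etc/boot/kernel" file therefore stays unpatched only while nothing writes setup header fixes into that buffer, and that invariant cannot be checked from this hunk. Suggest extending the comment to name the buffer that receives the header patches and to state that `kernel` must never be modified after load, since these are the bytes the firmware verifies under secure boot. A one-line note that the buffer is shared with the existing kernel entry (the point clarified further down the thread with reference to 214191f6b574) would also keep readers from assuming the image is duplicated.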
> >
> > How concerned should we be about the memory duplication overhead
> > from loading the kernel image twice ?
>
> It's not loaded twice, see 214191f6b574 ("x86/loader: read complete
> kernel"), both fw_cfg entries point to the same memory block.
Ah, I see now, that's subtle :-)
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|