motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-17 15:12:07 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

x86/loader: fix efi binary loading

Browse source 
x86/loader: support secure boot with direct kernel load
 firmware: json descriptor updates
 roms: re-add edk2-basetools target
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmdgBfwACgkQTLbY7tPo
 cTj7MQ/+MJkVWTYN59Yy1o+XgfIBMoPKuF8Rm9jyosR751Nb5slw7ivd/nr9vKOd
 QNmCUNSHqNhkt10fGZmiL/OBNPH2I226iJ/QPB6CPgn+klWu9/n/qCYHKqkUl+4V
 uAe2CtsljiMmBouJUshmUvtUeB62aykwYYUBb2WfpElBaAvDqs8O+WBCp/83ugfP
 pd0G/bG+7lI6co9KLa3u7hMgcmxu2t/uKd55BaD/H2+Py353geQtnwXThom33jhy
 RMDzSZKWXxcXpwYtGJmUgy2XQqRwCe2uCqCldJ+Yn+VqWIJhszGrfxa1W3AQWoT0
 BHcnH9uriEwMEL5gO6i83m1No9tPJQaw9qhOa/zKtAxoVjdB9FBab1+MYCyYiS4N
 BBz6pIwR+74iDjn1SCOn4vJPmblEL6qtV+IB7MauG1o9GN6IluWDDHotpcmI5B6k
 oXh7mld70cqUFWjFZvoPYEp6HBAvhXLyUf3A4fQoemEX6mSVM9eYol4GM4gTj0gs
 IsBfd9wvHmaurpXMgB0cJOpr7UbbijtssseB/WzkMWlKskuMlJxsif/IEJO+GrbZ
 RdEcdVOr45Ty1Hmqv6b9M9kUojphUchLe6nl+CQihm3K7dF27yqhcJYqNTe7mKpt
 4+i6RZaTKKtbY8FL80ycDRZIkDZg9cwMQHMxrDABQVN5WpVfRgU=
 =4fZc
 -----END PGP SIGNATURE-----

Merge tag 'firmware-20241216-pull-request' of https://gitlab.com/kraxel/qemu into staging

x86/loader: fix efi binary loading
x86/loader: support secure boot with direct kernel load
firmware: json descriptor updates
roms: re-add edk2-basetools target

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmdgBfwACgkQTLbY7tPo
# cTj7MQ/+MJkVWTYN59Yy1o+XgfIBMoPKuF8Rm9jyosR751Nb5slw7ivd/nr9vKOd
# QNmCUNSHqNhkt10fGZmiL/OBNPH2I226iJ/QPB6CPgn+klWu9/n/qCYHKqkUl+4V
# uAe2CtsljiMmBouJUshmUvtUeB62aykwYYUBb2WfpElBaAvDqs8O+WBCp/83ugfP
# pd0G/bG+7lI6co9KLa3u7hMgcmxu2t/uKd55BaD/H2+Py353geQtnwXThom33jhy
# RMDzSZKWXxcXpwYtGJmUgy2XQqRwCe2uCqCldJ+Yn+VqWIJhszGrfxa1W3AQWoT0
# BHcnH9uriEwMEL5gO6i83m1No9tPJQaw9qhOa/zKtAxoVjdB9FBab1+MYCyYiS4N
# BBz6pIwR+74iDjn1SCOn4vJPmblEL6qtV+IB7MauG1o9GN6IluWDDHotpcmI5B6k
# oXh7mld70cqUFWjFZvoPYEp6HBAvhXLyUf3A4fQoemEX6mSVM9eYol4GM4gTj0gs
# IsBfd9wvHmaurpXMgB0cJOpr7UbbijtssseB/WzkMWlKskuMlJxsif/IEJO+GrbZ
# RdEcdVOr45Ty1Hmqv6b9M9kUojphUchLe6nl+CQihm3K7dF27yqhcJYqNTe7mKpt
# 4+i6RZaTKKtbY8FL80ycDRZIkDZg9cwMQHMxrDABQVN5WpVfRgU=
# =4fZc
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 16 Dec 2024 05:50:36 EST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* tag 'firmware-20241216-pull-request' of https://gitlab.com/kraxel/qemu:
  roms: re-add edk2-basetools target
  pc-bios: add missing riscv64 descriptor
  pc-bios: Add amd-sev-es to edk2 json
  x86/loader: add -shim option
  x86/loader: expose unpatched kernel
  x86/loader: read complete kernel
  x86/loader: only patch linux kernels

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Stefan Hajnoczi 2024-12-16 14:20:33 -05:00
commit 8032c78e55
9 changed files with 102 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

20
hw/core/machine.c
View file

@ -305,6 +305,21 @@ static void machine_set_kernel(Object *obj, const char *value, Error **errp)
ms->kernel_filename = g_strdup(value); ms->kernel_filename = g_strdup(value);
} }
static char *machine_get_shim(Object *obj, Error **errp)
{
MachineState *ms = MACHINE(obj);
return g_strdup(ms->shim_filename);
}
static void machine_set_shim(Object *obj, const char *value, Error **errp)
{
MachineState *ms = MACHINE(obj);
g_free(ms->shim_filename);
ms->shim_filename = g_strdup(value);
}
static char *machine_get_initrd(Object *obj, Error **errp) static char *machine_get_initrd(Object *obj, Error **errp)
{ {
MachineState *ms = MACHINE(obj); MachineState *ms = MACHINE(obj);
@ -1082,6 +1097,11 @@ static void machine_class_init(ObjectClass *oc, void *data)
object_class_property_set_description(oc, "kernel", object_class_property_set_description(oc, "kernel",
"Linux kernel image file"); "Linux kernel image file");
object_class_property_add_str(oc, "shim",
machine_get_shim, machine_set_shim);
object_class_property_set_description(oc, "shim",
"shim.efi file");
object_class_property_add_str(oc, "initrd", object_class_property_add_str(oc, "initrd",
machine_get_initrd, machine_set_initrd); machine_get_initrd, machine_set_initrd);
object_class_property_set_description(oc, "initrd", object_class_property_set_description(oc, "initrd",

32
hw/i386/x86-common.c
View file

@ -895,7 +895,6 @@ void x86_load_linux(X86MachineState *x86ms,
fprintf(stderr, "qemu: invalid kernel header\n"); fprintf(stderr, "qemu: invalid kernel header\n");
exit(1); exit(1);
} }
kernel_size -= setup_size;
setup = g_malloc(setup_size); setup = g_malloc(setup_size);
kernel = g_malloc(kernel_size); kernel = g_malloc(kernel_size);
@ -904,6 +903,7 @@ void x86_load_linux(X86MachineState *x86ms,
fprintf(stderr, "fread() failed\n"); fprintf(stderr, "fread() failed\n");
exit(1); exit(1);
} }
fseek(f, 0, SEEK_SET);
if (fread(kernel, 1, kernel_size, f) != kernel_size) { if (fread(kernel, 1, kernel_size, f) != kernel_size) {
fprintf(stderr, "fread() failed\n"); fprintf(stderr, "fread() failed\n");
exit(1); exit(1);
@ -945,15 +945,16 @@ void x86_load_linux(X86MachineState *x86ms,
* kernel on the other side of the fw_cfg interface matches the hash of the * kernel on the other side of the fw_cfg interface matches the hash of the
* file the user passed in. * file the user passed in.
*/ */
if (!sev_enabled()) { if (!sev_enabled() && protocol > 0) {
memcpy(setup, header, MIN(sizeof(header), setup_size)); memcpy(setup, header, MIN(sizeof(header), setup_size));
} }
fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size - setup_size);
fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size); fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA,
sev_load_ctx.kernel_data = (char *)kernel; kernel + setup_size, kernel_size - setup_size);
sev_load_ctx.kernel_size = kernel_size; sev_load_ctx.kernel_data = (char *)kernel + setup_size;
sev_load_ctx.kernel_size = kernel_size - setup_size;
fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr); fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr);
fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size); fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size);
@ -961,6 +962,25 @@ void x86_load_linux(X86MachineState *x86ms,
sev_load_ctx.setup_data = (char *)setup; sev_load_ctx.setup_data = (char *)setup;
sev_load_ctx.setup_size = setup_size; sev_load_ctx.setup_size = setup_size;
/* kernel without setup header patches */
fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
if (machine->shim_filename) {
GMappedFile *mapped_file;
GError *gerr = NULL;
mapped_file = g_mapped_file_new(machine->shim_filename, false, &gerr);
if (!mapped_file) {
fprintf(stderr, "qemu: error reading shim %s: %s\n",
machine->shim_filename, gerr->message);
exit(1);
}
fw_cfg_add_file(fw_cfg, "etc/boot/shim",
g_mapped_file_get_contents(mapped_file),
g_mapped_file_get_length(mapped_file));
}
if (sev_enabled()) { if (sev_enabled()) {
sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal); sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);
} }

1
include/hw/boards.h
View file

@ -431,6 +431,7 @@ struct MachineState {
BootConfiguration boot_config; BootConfiguration boot_config;
char *kernel_filename; char *kernel_filename;
char *kernel_cmdline; char *kernel_cmdline;
char *shim_filename;
char *initrd_filename; char *initrd_filename;
const char *cpu_type; const char *cpu_type;
AccelState *accelerator; AccelState *accelerator;

31
pc-bios/descriptors/60-edk2-riscv64.json Normal file
View file

@ -0,0 +1,31 @@
{
"description": "UEFI firmware for riscv64",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "@DATADIR@/edk2-riscv-code.fd",
"format": "raw"
},
"nvram-template": {
"filename": "@DATADIR@/edk2-riscv-vars.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "riscv64",
"machines": [
"virt*"
]
}
],
"features": [
],
"tags": [
]
}

1
pc-bios/descriptors/60-edk2-x86_64.json
View file

@ -26,6 +26,7 @@
"features": [ "features": [
"acpi-s3", "acpi-s3",
"amd-sev", "amd-sev",
"amd-sev-es",
"verbose-dynamic" "verbose-dynamic"
], ],
"tags": [ "tags": [

3
pc-bios/descriptors/meson.build
View file

@ -6,7 +6,8 @@ if unpack_edk2_blobs and get_option('install_blobs')
'60-edk2-arm.json', '60-edk2-arm.json',
'60-edk2-i386.json', '60-edk2-i386.json',
'60-edk2-x86_64.json', '60-edk2-x86_64.json',
'60-edk2-loongarch64.json' '60-edk2-loongarch64.json',
'60-edk2-riscv64.json'
] ]
configure_file(input: files(f), configure_file(input: files(f),
output: f, output: f,

7
qemu-options.hx
View file

@ -4145,6 +4145,13 @@ SRST
or in multiboot format. or in multiboot format.
ERST ERST
DEF("shim", HAS_ARG, QEMU_OPTION_shim, \
"-shim shim.efi use 'shim.efi' to boot the kernel\n", QEMU_ARCH_ALL)
SRST
``-shim shim.efi``
Use 'shim.efi' to boot the kernel
ERST
DEF("append", HAS_ARG, QEMU_OPTION_append, \ DEF("append", HAS_ARG, QEMU_OPTION_append, \
"-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL) "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL)
SRST SRST

5
roms/Makefile
View file

@ -157,6 +157,11 @@ edk2-version: edk2
touch $@; \ touch $@; \
fi fi
edk2-basetools: edk2-version
$(PYTHON) edk2-build.py --config edk2-build.config \
--silent --no-logs \
--match none # build only basetools
efi: edk2-version efi: edk2-version
$(PYTHON) edk2-build.py --config edk2-build.config \ $(PYTHON) edk2-build.py --config edk2-build.config \
--version-override "$(EDK2_STABLE)$(FIRMWARE_EXTRAVERSION)" \ --version-override "$(EDK2_STABLE)$(FIRMWARE_EXTRAVERSION)" \

9
system/vl.c
View file

@ -2427,6 +2427,7 @@ static void configure_accelerators(const char *progname)
static void qemu_validate_options(const QDict *machine_opts) static void qemu_validate_options(const QDict *machine_opts)
{ {
const char *kernel_filename = qdict_get_try_str(machine_opts, "kernel"); const char *kernel_filename = qdict_get_try_str(machine_opts, "kernel");
const char *shim_filename = qdict_get_try_str(machine_opts, "shim");
const char *initrd_filename = qdict_get_try_str(machine_opts, "initrd"); const char *initrd_filename = qdict_get_try_str(machine_opts, "initrd");
const char *kernel_cmdline = qdict_get_try_str(machine_opts, "append"); const char *kernel_cmdline = qdict_get_try_str(machine_opts, "append");
@ -2436,6 +2437,11 @@ static void qemu_validate_options(const QDict *machine_opts)
exit(1); exit(1);
} }
if (shim_filename != NULL) {
error_report("-shim only allowed with -kernel option");
exit(1);
}
if (initrd_filename != NULL) { if (initrd_filename != NULL) {
error_report("-initrd only allowed with -kernel option"); error_report("-initrd only allowed with -kernel option");
exit(1); exit(1);
@ -2912,6 +2918,9 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_kernel: case QEMU_OPTION_kernel:
qdict_put_str(machine_opts_dict, "kernel", optarg); qdict_put_str(machine_opts_dict, "kernel", optarg);
break; break;
case QEMU_OPTION_shim:
qdict_put_str(machine_opts_dict, "shim", optarg);
break;
case QEMU_OPTION_initrd: case QEMU_OPTION_initrd:
qdict_put_str(machine_opts_dict, "initrd", optarg); qdict_put_str(machine_opts_dict, "initrd", optarg);
break; break;