From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) by mx.groups.io with SMTP id smtpd.web10.12690.1583415972020570218 for ; Thu, 05 Mar 2020 05:46:12 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=s5TUzE0h; spf=pass (domain: linaro.org, ip: 209.85.221.54, mailfrom: ard.biesheuvel@linaro.org) Received: by mail-wr1-f54.google.com with SMTP id z15so7123371wrl.1 for ; Thu, 05 Mar 2020 05:46:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=Oc1WHqPOeyF46tliJja/Hf6mEUrnk6Yqcp+fyTSRerc=; b=s5TUzE0hoWj7X+/Y8Dr6AnmnStjRwb2pMNHuGh0W/nZnbyjhQK/XfI53yoFb7nHtqE 9TrdeNAiaO29lyYmjAPVMSlXW3GPJEd+UwVOjS1YVc17QaJRXjaeQreEIVyb0xS+SKuP hxD3+heo9aZRYRUB6534vg9Fuid8HwU8pp7OHo0cr+2wgqRGDZwVYNPU/YqzNBXBdE34 ian3dSMet9V2Tl9wlhBnXKzLdouDwywUfYEyh1hLv7XeY7emKb5KcneYVZN6fix96gMQ 9cyn5RYavNuvXWRuMcyUSpXkmVQ/Xwnpr/OMt/2LoZ368cLPhqLIbFo/E0/IpK4hgIxx Mkew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Oc1WHqPOeyF46tliJja/Hf6mEUrnk6Yqcp+fyTSRerc=; b=oO9x4R8SGL83rY0gXTF8t+W18Ro9l636D4RZ75s4KFSRVNLVB0LlRMwzKMWtR7mQ/Y VxM0h6fqCvkkI7JtkLmeyDg3JAhs9k1FjwoitLQLFJxJ9KdKXS2tNGVe/exX8THfwTIS 7JG5qaepOvkyMzGOt2YL1NAy+/UeDYY8qGrzApocPPmZpWTY9lRxH+bBlJPxsHBg/UKx oeoAUIZDENw33NWa5+gQQzMOP4KmdCp/z2kyxlq7VQE2z2Oys3Z6uuNH9vv9Bu6e4vdF tdTiU0xXpfSoxRBOtv7YM8ma/oAKe97IZ5Y8upx62C2GdZg3ZyaPtgGgQ1V/5nOr4umL qUFQ== X-Gm-Message-State: ANhLgQ1bBqMtwlbmPyDUBxf9wj20AQHi3hhAboY4trmtJjBXjoh8Bld5 +/jxshtP7sc7xnuCHkVvMvSmItewkxdP5A== X-Google-Smtp-Source: ADFU+vum7NNPNcZvc0QuJRam6YBaTbzBXNTNE5gA4OUq1iRS+cpo3UT48EMA+LO6am90r2TPYUgHBg== X-Received: by 2002:adf:ea91:: with SMTP id s17mr10073085wrm.129.1583415970043; Thu, 05 Mar 2020 05:46:10 -0800 (PST) Return-Path: Received: from e123331-lin.home ([2a01:cb1d:112:6f00:816e:ff0d:fb69:f613]) by smtp.gmail.com with ESMTPSA id m19sm9278701wmc.34.2020.03.05.05.46.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Mar 2020 05:46:09 -0800 (PST) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: lersek@redhat.com, Ard Biesheuvel Subject: [PATCH v3 00/14] Ovmf: use LoadImage/StartImage for loading command line images Date: Thu, 5 Mar 2020 14:45:53 +0100 Message-Id: <20200305134607.20125-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 On ArmVirtQemu, we require the kernel passed via the QEMU -kernel option to have a PE/COFF header and an EFI stub, so that it can be loaded and started using the LoadImage and StartImage boot services, respectively. This means that, on builds that enable secure boot or measured boot, the kernel image gets authenticated and/or measured as well. On X86, for historical reasons, we never use LoadImage or StartImage, which means that: - kernel images are never authenticated or measured, - calling Exit() from within the boot stub will attempt tp terminate the calling image, which is likely to end badly. So instead, split and generalize the code that exists today for ArmVirtQemu, and wire it up for x86 so that LoadImage and StartImage are used unless there is a true need for the special Linux boot protocol. The first 6 patches are only intended to be a refactoring of the existing code, and should not result in any functional changes for either ArmVirtQemu or OVMF. Patch #12 (now #13 adds the new Linux specific initrd loadfile2 protocol that aims to simplify initrd loading from Linux when booting via the PE stub. Patch #13 (now #14) is optional, and disables the Linux loader fallback on builds that have secure boot enabled. Changes since [v2]: - rename gX86QemuKernelLoadedImageGuid to gOvmfLoadedX86LinuxKernelProtocolGuid, and define the associated struct type OVMF_LOADED_X86_LINUX_KERNEL in the protocol header file - mention that the new protocol is internal ABI and subject to backward incompatible change at any time - align legacy loader logic more closely with the generic one - modify legacy mixed mode handling to prevent returning a stale handle - add Laszlo's ack to #4, #6, #8, #12 and #13 - fix up some style issues and out of date/inaccurate comments (Laszlo) Changes since [v1]: - handle EFI_SECURITY_VIOLATION return codes from gBS->LoadImage inside the QemuLoadImageLib implementation consistently, instead of propagating it - change the prototype of QemuStartKernelImage () to take the handle by reference, allowing the fallback x86 code to reload the image onto a fresh handle if needed - add new patch to declare gX86QemuKernelLoadedImageGuid, and make it a true protocol instead of just a GUID - drop unnecessary 'wrapper' struct around QEMU_LEGACY_LOADED_IMAGE (#10) - switch to QemuFwCfgRead32() consistently - fix numerous other minor style and logic issues pointed out by Laszlo - add Laszlo's ack to #1, #2, #3, #5, #7, #11 and #14 (*) (*) v2+ numbering Code can be found here: https://github.com/ardbiesheuvel/edk2/tree/ovmf-loadimage-startimage-v1 https://github.com/ardbiesheuvel/edk2/tree/ovmf-loadimage-startimage-v2 https://github.com/ardbiesheuvel/edk2/tree/ovmf-loadimage-startimage-v3 [v1] http://mid.mail-archive.com/20200302072936.29221-1-ard.biesheuvel@linaro.org [v2] http://mid.mail-archive.com/20200304095233.21046-1-ard.biesheuvel@linaro.org Ard Biesheuvel (14): OvmfPkg: add GUID for the QEMU kernel loader fs media device path OvmfPkg: export abstract QEMU blob filesystem in standalone driver OvmfPkg: introduce QemuLoadImageLib library class OvmfPkg: provide a generic implementation of QemuLoadImageLib ArmVirtPkg: incorporate the new QEMU kernel loader driver and library ArmVirtPkg/PlatformBootManagerLib: switch to separate QEMU loader OvmfPkg/QemuKernelLoaderFsDxe: don't expose kernel command line OvmfPkg/QemuKernelLoaderFsDxe: add support for the kernel setup block OvmfPkg: create protocol and GUID header for loaded x86 Linux kernels OvmfPkg: implement QEMU loader library for X86 with legacy fallback OvmfPkg: add new QEMU kernel image loader components OvmfPkg/PlatformBootManagerLib: switch to QemuLoadImageLib OvmfPkg/QemuKernelLoaderFsDxe: add support for new Linux initrd device path OvmfPkg: use generic QEMU image loader for secure boot enabled builds ArmVirtPkg/ArmVirtQemu.dsc | 2 + ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 + ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 + .../PlatformBootManagerLib.inf | 9 +- .../PlatformBootManagerLib/QemuKernel.c | 1061 +---------------- .../Include/Guid/QemuKernelLoaderFsMedia.h | 18 + OvmfPkg/Include/Library/QemuLoadImageLib.h | 84 ++ .../Protocol/OvmfLoadedX86LinuxKernel.h | 32 + .../GenericQemuLoadImageLib.c | 276 +++++ .../GenericQemuLoadImageLib.inf | 38 + .../PlatformBootManagerLib.inf | 2 +- .../PlatformBootManagerLib/QemuKernel.c | 144 +-- .../X86QemuLoadImageLib/X86QemuLoadImageLib.c | 567 +++++++++ .../X86QemuLoadImageLib.inf | 42 + OvmfPkg/OvmfPkg.dec | 57 +- OvmfPkg/OvmfPkgIa32.dsc | 6 + OvmfPkg/OvmfPkgIa32.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 6 + OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.dsc | 6 + OvmfPkg/OvmfPkgX64.fdf | 1 + .../QemuKernelLoaderFsDxe.c | 367 +++--- .../QemuKernelLoaderFsDxe.inf | 50 + 23 files changed, 1354 insertions(+), 1419 deletions(-) create mode 100644 OvmfPkg/Include/Guid/QemuKernelLoaderFsMedia.h create mode 100644 OvmfPkg/Include/Library/QemuLoadImageLib.h create mode 100644 OvmfPkg/Include/Protocol/OvmfLoadedX86LinuxKernel.h create mode 100644 OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c create mode 100644 OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf create mode 100644 OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c create mode 100644 OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf copy ArmVirtPkg/Library/PlatformBootManagerLib/QemuKernel.c => OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c (77%) create mode 100644 OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf -- 2.17.1