public inbox for devel@edk2.groups.io
From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>,
	Laszlo Ersek <lersek@redhat.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Subject: [PATCH v1 0/3] OvmfPkg: Use QemuKernelLoaderFs to read cmdline/initrd
Date: Wed,  9 Jun 2021 12:18:25 +0000
Message-ID: <20210609121828.1884825-1-dovmurik@linux.ibm.com>

In order to support measured SEV boot with kernel/initrd/cmdline, we'd
like to have one place that reads those blobs; in the future we'll add
the measurement and verification in that place.

We already have a synthetic filesystem (QemuKernelLoaderFs) which holds
three files: "kernel", "initrd", and "cmdline".  The kernel is indeed
read from this filesystem in LoadImage; but the cmdline (and the length
of initrd) are read from QemuFwCfgLib items.

This patch series modifies GenericQemuLoadImageLib to read cmdline (and
the initrd size) from the QemuKernelLoaderFs synthetic filesystem, thus
removing the dependency on QemuFwCfgLib.

Note that X86QemuLoadImageLib is not modified, because it contains a
QemuLoadLegacyImage() which reads other items of the QemuFwCfg which are
not available in QemuKernelLoaderFs.  Since we don't want to support the
legacy boot path in the future measured SEV boot, we leave
X86QemuLoadImageLib as-is (except for a comment addition in patch 3) and
will force use of GenericQemuLoadImageLib in the measured SEV boot
implementation.

Relevant discussion threads start in:
https://edk2.groups.io/g/devel/message/76069

To test this on x86_64, I forced the use of GenericQemuLoadImageLib
using the following local patch:


diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a905866..46442b543bcf 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -404,7 +404,7 @@ [LibraryClasses.common.DXE_DRIVER]
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-  QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
+  QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf # XXX don't commit this or someone will be mad
 !if $(TPM_ENABLE) == TRUE
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
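
Review bot: The replacement QemuLoadImageLib line under [LibraryClasses.common.DXE_DRIVER] is an unconditional hand edit marked with an XXX comment, so every DXE_DRIVER module in this build resolves to GenericQemuLoadImageLib and anyone reproducing the test has to carry the same local change. Consider selecting between the two .inf files with a build define inside an `!if` block, in the style of the `$(TPM_ENABLE)` block directly below, so the Generic path can be chosen on the build command line while the default stays X86QemuLoadImageLib.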


I tested boot with QEMU and OVMF with the following QEMU arguments:

  -kernel a
  -kernel a -initrd b
  -kernel a -cmdline c
  -kernel a -initrd b -cmdline c

(and also without -kernel)


Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>

Dov Murik (3):
  Revert "OvmfPkg/QemuKernelLoaderFsDxe: don't expose kernel command
    line"
  OvmfPkg/GenericQemuLoadImageLib: Read cmdline from QemuKernelLoaderFs
  OvmfPkg/X86QemuLoadImageLib: State dependency on fw_cfg in file header

 OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf |   2 +-
 OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c   | 132 ++++++++++++++++++--
 OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c           |   3 +
 OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c               |  11 +-
 4 files changed, 137 insertions(+), 11 deletions(-)

-- 
2.25.1

