[edk2-devel] [PATCH v2 0/3] OvmfPkg: Use QemuKernelLoaderFs to read cmdline/initrd
Dov Murik
dovmurik at linux.ibm.com
Thu Jun 17 09:12:41 UTC 2021
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
In order to support measured SEV boot with kernel/initrd/cmdline, we'd
like to have one place that reads those blobs; in the future we'll add
the measurement and verification in that place.
We already have a synthetic filesystem (QemuKernelLoaderFs) which holds
three files: "kernel", "initrd", and "cmdline". The kernel is indeed
read from this filesystem in LoadImage; but the cmdline (and the length
of initrd) are read from QemuFwCfgLib items.
This patch series modifies GenericQemuLoadImageLib to read cmdline (and
the initrd size) from the QemuKernelLoaderFs synthetic filesystem, thus
removing the dependency on QemuFwCfgLib.
Note that X86QemuLoadImageLib is not modified, because it contains a
QemuLoadLegacyImage() which reads other items of the QemuFwCfg which are
not available in QemuKernelLoaderFs. Since we don't want to support the
legacy boot path in the future measured SEV boot, we leave
X86QemuLoadImageLib as-is (except for a comment addition in patch 3) and
will force use for GenericQemuLoadImageLib in the measured SEV boot
implementation.
Relevant discussion threads start in:
https://edk2.groups.io/g/devel/message/76069
To test this on x86_64, I forced the use of GenericQemuLoadImageLib
using the following local patch:
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a905866..46442b543bcf 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -404,7 +404,7 @@ [LibraryClasses.common.DXE_DRIVER]
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
- QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
+ QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf # XXX don't commit this or someone will be mad
!if $(TPM_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
I tested boot with QEMU and OVMF with the following QEMU arguments:
-kernel a
-kernel a -initrd b
-kernel a -cmdline c
-kernel a -initrd b -cmdline c
(and also without -kernel)
Code is at
https://github.com/confidential-containers-demo/edk2/tree/use-synthetic-fs-for-cmdline-v2
v2 changes:
- Add comment to header of X86QemuLoadImageLib.inf
- Clearer function names in GenericQemuLoadImageLib.c
- Fix coding style issues
v1: https://edk2.groups.io/g/devel/message/76265
Cc: Laszlo Ersek <lersek at redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
Cc: Jordan Justen <jordan.l.justen at intel.com>
Cc: James Bottomley <jejb at linux.ibm.com>
Cc: Tobin Feldman-Fitzthum <tobin at linux.ibm.com>
Dov Murik (3):
Revert "OvmfPkg/QemuKernelLoaderFsDxe: don't expose kernel command
line"
OvmfPkg/GenericQemuLoadImageLib: Read cmdline from QemuKernelLoaderFs
OvmfPkg/X86QemuLoadImageLib: State fw_cfg dependency in file header
OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf | 2 +-
OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf | 3 +
OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c | 145 ++++++++++++++++++--
OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c | 3 +
OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 11 +-
5 files changed, 147 insertions(+), 17 deletions(-)
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#76650): https://edk2.groups.io/g/devel/message/76650
Mute This Topic: https://groups.io/mt/83600307/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list