[0/5] x86/loader: secure boot support for direct kernel load

Message ID 20240411094830.1337658-1-kraxel@redhat.com (mailing list archive)

Gerd Hoffmann April 11, 2024, 9:48 a.m. UTC
This series allows booting Linux kernels and other EFI binaries via
direct kernel load with secure boot enabled.

The series adds two new fw_cfg files: 'etc/boot/kernel' contains the
kernel without modifications (no setup header patching), and
'etc/boot/shim' contains shim.

The path to the shim binary can be passed to qemu using the new '-shim'
command line switch.

This needs a companion patch series for tianocore which will put the new
fw_cfg files into use; a draft of that series can be found here:

https://github.com/kraxel/edk2/commits/devel/direct-secure-boot/

With everything in place it is possible to use direct kernel load with
secure boot enabled.

take care,
  Gerd

Gerd Hoffmann (5):
  vl: fix qemu_validate_options() indention
  x86/loader: only patch linux kernels
  x86/loader: read complete kernel
  x86/loader: expose unpatched kernel
  x86/loader: add -shim option

 include/hw/boards.h |  1 +
 hw/core/machine.c   | 20 ++++++++++++++++++++
 hw/i386/x86.c       | 32 ++++++++++++++++++++++++++------
 system/vl.c         | 25 +++++++++++++++++--------
 qemu-options.hx     |  7 +++++++
 5 files changed, 71 insertions(+), 14 deletions(-)
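
Why an unmodified kernel copy matters when a signature is checked, as an added example (not part of the original mail and not QEMU's code): filling in setup-header fields for direct load changes the bytes that get hashed, while an EFI binary without a Linux setup header is left alone. The offsets come from the Linux x86 boot protocol; the whole-file SHA-256 (a simplified stand-in for the Authenticode hash), the sample images and the field values are assumptions constructed for illustration.

```python
import hashlib
import struct

# Offsets from the Linux x86 boot protocol (not taken from the patch series).
HDR_MAGIC_OFF = 0x202       # "HdrS" marks a Linux setup header
TYPE_OF_LOADER_OFF = 0x210
RAMDISK_IMAGE_OFF = 0x218
RAMDISK_SIZE_OFF = 0x21C
CMD_LINE_PTR_OFF = 0x228


def is_linux_kernel(image: bytes) -> bool:
    """True when the image carries a Linux setup header."""
    return image[HDR_MAGIC_OFF:HDR_MAGIC_OFF + 4] == b"HdrS"


def patch_setup_header(image: bytes, cmdline_addr: int,
                       initrd_addr: int, initrd_size: int) -> bytes:
    """Fill in loader fields as a direct-load boot loader would."""
    if not is_linux_kernel(image):
        return image  # other EFI binaries have no setup header to patch
    buf = bytearray(image)
    buf[TYPE_OF_LOADER_OFF] = 0xFF  # 0xFF: loader without an assigned ID
    struct.pack_into("<I", buf, RAMDISK_IMAGE_OFF, initrd_addr)
    struct.pack_into("<I", buf, RAMDISK_SIZE_OFF, initrd_size)
    struct.pack_into("<I", buf, CMD_LINE_PTR_OFF, cmdline_addr)
    return bytes(buf)


def digest(image: bytes) -> str:
    # Whole-file SHA-256, a simplified stand-in for the Authenticode hash.
    return hashlib.sha256(image).hexdigest()


def make_sample(linux: bool) -> bytes:
    """Constructed 4 KiB image: "MZ" stub, optionally with "HdrS" magic."""
    buf = bytearray(4096)
    buf[0:2] = b"MZ"
    if linux:
        buf[HDR_MAGIC_OFF:HDR_MAGIC_OFF + 4] = b"HdrS"
    return bytes(buf)


if __name__ == "__main__":
    for name, img in (("linux", make_sample(True)),
                      ("other-efi", make_sample(False))):
        patched = patch_setup_header(img, 0x20000, 0x7000000, 0x100000)
        print(name, "digest unchanged:", digest(img) == digest(patched))
```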