[PULL,0/5] Firmware 20241114 patches

Message ID	20241114110101.44322-1-kraxel@redhat.com (mailing list archive)
State	New
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> From: Gerd Hoffmann <kraxel@redhat.com> To: qemu-devel@nongnu.org Cc: Yanan Wang <wangyanan55@huawei.com>, Paolo Bonzini <pbonzini@redhat.com>, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>, Zhao Liu <zhao1.liu@intel.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, "Michael S. Tsirkin" <mst@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, Eduardo Habkost <eduardo@habkost.net>, Gerd Hoffmann <kraxel@redhat.com> Subject: [PULL 0/5] Firmware 20241114 patches Date: Thu, 14 Nov 2024 12:00:56 +0100 Message-ID: <20241114110101.44322-1-kraxel@redhat.com> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.129.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -29 X-Spam_score: -3.0 X-Spam_bar: --- X-Spam_report: (-3.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.119, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.738, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Message ID

20241114110101.44322-1-kraxel@redhat.com (mailing list archive)

State

New

Headers

From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Yanan Wang <wangyanan55@huawei.com>, Paolo Bonzini <pbonzini@redhat.com>,
	=?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Zhao Liu <zhao1.liu@intel.com>,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
 "Michael S. Tsirkin" <mst@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Eduardo Habkost <eduardo@habkost.net>, Gerd Hoffmann <kraxel@redhat.com>
Subject: [PULL 0/5] Firmware 20241114 patches
Date: Thu, 14 Nov 2024 12:00:56 +0100
Message-ID: <20241114110101.44322-1-kraxel@redhat.com>
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.129.124; envelope-from=kraxel@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -29
X-Spam_score: -3.0
X-Spam_bar: ---
X-Spam_report: (-3.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.119,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.738,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Message

Gerd Hoffmann Nov. 14, 2024, 11 a.m. UTC

The following changes since commit f0a5a31c33a8109061c2493e475c8a2f4d022432:

  Update version for v9.2.0-rc0 release (2024-11-13 21:44:45 +0000)

are available in the Git repository at:

  https://gitlab.com/kraxel/qemu.git tags/firmware-20241114-pull-request

for you to fetch changes up to 5916a3b20fdbfbfc2f987f1121e945100c8c3cd2:

  x86/loader: add -shim option (2024-11-14 11:55:39 +0100)

----------------------------------------------------------------
loader: fix efi binary loading via -kernel
loader: support secure boot verification with direct kernel boot

----------------------------------------------------------------

Gerd Hoffmann (5):
  vl: fix qemu_validate_options() indention
  x86/loader: only patch linux kernels
  x86/loader: read complete kernel
  x86/loader: expose unpatched kernel
  x86/loader: add -shim option

 include/hw/boards.h  |  1 +
 hw/core/machine.c    | 20 ++++++++++++++++++++
 hw/i386/x86-common.c | 32 ++++++++++++++++++++++++++------
 system/vl.c          | 25 +++++++++++++++++--------
 qemu-options.hx      |  7 +++++++
 5 files changed, 71 insertions(+), 14 deletions(-)

Comments

Daniel P. Berrangé Nov. 14, 2024, 11:10 a.m. UTC | #1

On Thu, Nov 14, 2024 at 12:00:56PM +0100, Gerd Hoffmann wrote:
> The following changes since commit f0a5a31c33a8109061c2493e475c8a2f4d022432:
> 
>   Update version for v9.2.0-rc0 release (2024-11-13 21:44:45 +0000)
> 
> are available in the Git repository at:
> 
>   https://gitlab.com/kraxel/qemu.git tags/firmware-20241114-pull-request
> 
> for you to fetch changes up to 5916a3b20fdbfbfc2f987f1121e945100c8c3cd2:
> 
>   x86/loader: add -shim option (2024-11-14 11:55:39 +0100)
> 
> ----------------------------------------------------------------
> loader: fix efi binary loading via -kernel
> loader: support secure boot verification with direct kernel boot

Hard feature freeze was two days ago, so I would have thought
the new secure boot feature should wait until 10.0 cycle ?

Their commits say they depend on new OVMF features and we've
not updated the OVMF binaries in this cycle, so do we even
have the OVMF feature needed for this to work[1] ?

With regards,
Daniel

[1] admittedly not an issue for distros packaging ovmf separately

Gerd Hoffmann Nov. 14, 2024, 11:33 a.m. UTC | #2

On Thu, Nov 14, 2024 at 11:10:11AM +0000, Daniel P. Berrangé wrote:
> On Thu, Nov 14, 2024 at 12:00:56PM +0100, Gerd Hoffmann wrote:
> > The following changes since commit f0a5a31c33a8109061c2493e475c8a2f4d022432:
> > 
> >   Update version for v9.2.0-rc0 release (2024-11-13 21:44:45 +0000)
> > 
> > are available in the Git repository at:
> > 
> >   https://gitlab.com/kraxel/qemu.git tags/firmware-20241114-pull-request
> > 
> > for you to fetch changes up to 5916a3b20fdbfbfc2f987f1121e945100c8c3cd2:
> > 
> >   x86/loader: add -shim option (2024-11-14 11:55:39 +0100)
> > 
> > ----------------------------------------------------------------
> > loader: fix efi binary loading via -kernel
> > loader: support secure boot verification with direct kernel boot
> 
> Hard feature freeze was two days ago, so I would have thought
> the new secure boot feature should wait until 10.0 cycle ?

Patches have been posted back in September.  This PR is a bit late
because I was offline in October, and also because I didn't realize we
are in freeze already due to being active mostly in edk2 these days.

So, if an exception is out if question I'll have to wait until 10.0
opens I guess ...

> Their commits say they depend on new OVMF features and we've
> not updated the OVMF binaries in this cycle, so do we even
> have the OVMF feature needed for this to work[1] ?

Nope.  I have a branch ready.  The plan is to submit that once the qemu
changes are accepted.  edk2 is in freeze too, so this will not make the
edk2 2024-11 stable tag.  If all goes well it'll land in 2025-02, which
we should be able to put into qemu 10.0

take care,
  Gerd

[PULL,0/5] Firmware 20241114 patches

Pull-request

Message

Comments