[PULL,3/7] x86/loader: expose unpatched kernel

Message ID	20241216105053.246204-4-kraxel@redhat.com (mailing list archive)
State	New
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> From: Gerd Hoffmann <kraxel@redhat.com> To: qemu-devel@nongnu.org Cc: Zhao Liu <zhao1.liu@intel.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Yanan Wang <wangyanan55@huawei.com>, Paolo Bonzini <pbonzini@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Gerd Hoffmann <kraxel@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, =?utf-8?q?Philippe_Mathie?= =?utf-8?q?u-Daud=C3=A9?= <philmd@linaro.org> Subject: [PULL 3/7] x86/loader: expose unpatched kernel Date: Mon, 16 Dec 2024 11:50:49 +0100 Message-ID: <20241216105053.246204-4-kraxel@redhat.com> In-Reply-To: <20241216105053.246204-1-kraxel@redhat.com> References: <20241216105053.246204-1-kraxel@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.133.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -32 X-Spam_score: -3.3 X-Spam_bar: --- X-Spam_report: (-3.3 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-1.168, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Series	[PULL,1/7] x86/loader: only patch linux kernels \| expand [PULL,1/7] x86/loader: only patch linux kernels [PULL,2/7] x86/loader: read complete kernel [PULL,3/7] x86/loader: expose unpatched kernel [PULL,4/7] x86/loader: add -shim option [PULL,5/7] pc-bios: Add amd-sev-es to edk2 json [PULL,6/7] pc-bios: add missing riscv64 descriptor [PULL,7/7] roms: re-add edk2-basetools target

Message ID

20241216105053.246204-4-kraxel@redhat.com (mailing list archive)

State

New

Headers

From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Zhao Liu <zhao1.liu@intel.com>,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
 Yanan Wang <wangyanan55@huawei.com>, Paolo Bonzini <pbonzini@redhat.com>,
 Eduardo Habkost <eduardo@habkost.net>, Gerd Hoffmann <kraxel@redhat.com>,
 "Michael S. Tsirkin" <mst@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>, =?utf-8?q?Philippe_Mathie?=
	=?utf-8?q?u-Daud=C3=A9?= <philmd@linaro.org>
Subject: [PULL 3/7] x86/loader: expose unpatched kernel
Date: Mon, 16 Dec 2024 11:50:49 +0100
Message-ID: <20241216105053.246204-4-kraxel@redhat.com>
In-Reply-To: <20241216105053.246204-1-kraxel@redhat.com>
References: <20241216105053.246204-1-kraxel@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.133.124; envelope-from=kraxel@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -32
X-Spam_score: -3.3
X-Spam_bar: ---
X-Spam_report: (-3.3 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-1.168,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Series

[PULL,1/7] x86/loader: only patch linux kernels | expand

Commit Message

Gerd Hoffmann Dec. 16, 2024, 10:50 a.m. UTC

Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
the setup header patches.  Intended use is booting in UEFI with secure
boot enabled, where the setup header patching breaks secure boot
verification.

Needs OVMF changes too to be actually useful.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
---
 hw/i386/x86-common.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Daniel P. Berrangé Dec. 17, 2024, 2:15 p.m. UTC | #1

On Mon, Dec 16, 2024 at 11:50:49AM +0100, Gerd Hoffmann wrote:
> Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
> the setup header patches.  Intended use is booting in UEFI with secure
> boot enabled, where the setup header patching breaks secure boot
> verification.
> 
> Needs OVMF changes too to be actually useful.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
> ---
>  hw/i386/x86-common.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
> index 28341b42d949..1cef3045ad83 100644
> --- a/hw/i386/x86-common.c
> +++ b/hw/i386/x86-common.c
> @@ -962,6 +962,9 @@ void x86_load_linux(X86MachineState *x86ms,
>      sev_load_ctx.setup_data = (char *)setup;
>      sev_load_ctx.setup_size = setup_size;
>  
> +    /* kernel without setup header patches */
> +    fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
> +

How concerned should we be about the memory duplication overhead
from loading the kernel image twice ?

A bare modular kernel is 16MB, a non-modular one would be bigger
perhaps 10's of MB, a UKI meanwhile could easily be 100's of MB
in size, and >=1GB is not entirely insane to contemplate with a
UKI depending on how much is put into the embedded initrd.

I don't think the memory for fw_cfg is counted against the guest
RAM, right?

Is there anyway the duplicate kernel gets erased from memory once
the firmware is done, otherwise we live with this extra host RAM
overhead forever ?

>      if (sev_enabled()) {
>          sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);
>      }

With regards,
Daniel

Gerd Hoffmann Dec. 17, 2024, 2:26 p.m. UTC | #2

On Tue, Dec 17, 2024 at 02:15:15PM +0000, Daniel P. Berrangé wrote:
> On Mon, Dec 16, 2024 at 11:50:49AM +0100, Gerd Hoffmann wrote:
> > Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
> > the setup header patches.  Intended use is booting in UEFI with secure
> > boot enabled, where the setup header patching breaks secure boot
> > verification.
> > 
> > Needs OVMF changes too to be actually useful.
> > 
> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
> > ---
> >  hw/i386/x86-common.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
> > index 28341b42d949..1cef3045ad83 100644
> > --- a/hw/i386/x86-common.c
> > +++ b/hw/i386/x86-common.c
> > @@ -962,6 +962,9 @@ void x86_load_linux(X86MachineState *x86ms,
> >      sev_load_ctx.setup_data = (char *)setup;
> >      sev_load_ctx.setup_size = setup_size;
> >  
> > +    /* kernel without setup header patches */
> > +    fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
> > +
> 
> How concerned should we be about the memory duplication overhead
> from loading the kernel image twice ?

It's not loaded twice, see 214191f6b574 ("x86/loader: read complete
kernel"), both fw_cfg entries point to the same memory block.

take care,
  Gerd

Daniel P. Berrangé Dec. 17, 2024, 2:28 p.m. UTC | #3

On Tue, Dec 17, 2024 at 03:26:35PM +0100, Gerd Hoffmann wrote:
> On Tue, Dec 17, 2024 at 02:15:15PM +0000, Daniel P. Berrangé wrote:
> > On Mon, Dec 16, 2024 at 11:50:49AM +0100, Gerd Hoffmann wrote:
> > > Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
> > > the setup header patches.  Intended use is booting in UEFI with secure
> > > boot enabled, where the setup header patching breaks secure boot
> > > verification.
> > > 
> > > Needs OVMF changes too to be actually useful.
> > > 
> > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > > Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
> > > ---
> > >  hw/i386/x86-common.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
> > > index 28341b42d949..1cef3045ad83 100644
> > > --- a/hw/i386/x86-common.c
> > > +++ b/hw/i386/x86-common.c
> > > @@ -962,6 +962,9 @@ void x86_load_linux(X86MachineState *x86ms,
> > >      sev_load_ctx.setup_data = (char *)setup;
> > >      sev_load_ctx.setup_size = setup_size;
> > >  
> > > +    /* kernel without setup header patches */
> > > +    fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
> > > +
> > 
> > How concerned should we be about the memory duplication overhead
> > from loading the kernel image twice ?
> 
> It's not loaded twice, see 214191f6b574 ("x86/loader: read complete
> kernel"), both fw_cfg entries point to the same memory block.

Ah, I see now, that's subtle :-)


With regards,
Daniel

diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index 28341b42d949..1cef3045ad83 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -962,6 +962,9 @@  void x86_load_linux(X86MachineState *x86ms,
     sev_load_ctx.setup_data = (char *)setup;
     sev_load_ctx.setup_size = setup_size;
 
+    /* kernel without setup header patches */
+    fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
+
     if (sev_enabled()) {
         sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);
     }

[PULL,3/7] x86/loader: expose unpatched kernel

Commit Message

Comments

Patch