From patchwork Thu Jun 20 12:21:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 11006597 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B65FD14B6 for ; Thu, 20 Jun 2019 12:46:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A59471FF81 for ; Thu, 20 Jun 2019 12:46:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 98FCF27F91; Thu, 20 Jun 2019 12:46:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CF3E31FF81 for ; Thu, 20 Jun 2019 12:46:44 +0000 (UTC) Received: from localhost ([::1]:47428 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hdwSh-0006VE-TK for patchwork-qemu-devel@patchwork.kernel.org; Thu, 20 Jun 2019 08:46:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34968) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hdw4z-0004HU-KP for qemu-devel@nongnu.org; Thu, 20 Jun 2019 08:22:18 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hdw4r-0007SO-JB for qemu-devel@nongnu.org; Thu, 20 Jun 2019 08:22:10 -0400 Received: from mx1.redhat.com ([209.132.183.28]:45282) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hdw4d-00076e-9U; Thu, 20 Jun 2019 08:21:52 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E382A44BCD; Thu, 20 Jun 2019 12:21:44 +0000 (UTC) Received: from x1w.redhat.com (ovpn-204-106.brq.redhat.com [10.40.204.106]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 644FB5D9C6; Thu, 20 Jun 2019 12:21:42 +0000 (UTC) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org, Laszlo Ersek Date: Thu, 20 Jun 2019 14:21:30 +0200 Message-Id: <20190620122132.10075-2-philmd@redhat.com> In-Reply-To: <20190620122132.10075-1-philmd@redhat.com> References: <20190620122132.10075-1-philmd@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Thu, 20 Jun 2019 12:21:44 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 1/3] hw/firmware: Add Edk2Crypto and edk2_add_host_crypto_policy() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Andrew Jones , Eduardo Habkost , "Michael S. Tsirkin" , qemu-arm@nongnu.org, Paolo Bonzini , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The Edk2Crypto object is used to hold configuration values specific to EDK2. The edk2_add_host_crypto_policy() function loads crypto policies from the host, and register them as fw_cfg named file items. So far only the 'https' policy is supported. A usercase example is the 'HTTPS Boof' feature of OVMF [*]. Usage example: - via the command line: $ qemu-system-x86_64 \ --object edk2_crypto,id=https,\ ciphers=/etc/crypto-policies/back-ends/openssl.config,\ cacerts=/etc/pki/ca-trust/extracted/edk2/cacerts.bin - via QMP: { "execute": "object-add", "arguments": { "qom-type": "edk2_crypto", "id": "https", "props": { "ciphers": "/etc/crypto-policies/back-ends/openssl.config", "cacerts": "/etc/pki/ca-trust/extracted/edk2/cacerts.bin" } } } (On Fedora these files are provided by the ca-certificates and crypto-policies packages). [*]: https://github.com/tianocore/edk2/blob/master/OvmfPkg/README Signed-off-by: Philippe Mathieu-Daudé --- v3: - inverted the if() logic - '-object' -> '--object' in commit description (Eric) - reworded the 'TODO: g_free' comment v4: - do not return pointer to alloc'd data (Markus) - INTERFACE_CHECK -> OBJECT_CLASS_CHECK (Markus) - path -> filename (Laszlo) - dropped the 'TODO: g_free' comment (Markus) v5: - only allow 1 singleton using the UserCreatableClass::complete callback (Markus, Laszlo) - object own fw_cfg 'file' content, no need for fw_cfg_add_file_from_host() (Laszlo) - g_file_get_contents() called when object is instantiated and report error, the machine 'done' notifier do not have to manage errors (do not fail). - add QMP example - - do not add docs/interop/firmware.json to MAINTAINERS --- MAINTAINERS | 2 + hw/Makefile.objs | 1 + hw/firmware/Makefile.objs | 1 + hw/firmware/uefi_edk2_crypto_policies.c | 209 ++++++++++++++++++++++++ include/hw/firmware/uefi_edk2.h | 30 ++++ 5 files changed, 243 insertions(+) create mode 100644 hw/firmware/Makefile.objs create mode 100644 hw/firmware/uefi_edk2_crypto_policies.c create mode 100644 include/hw/firmware/uefi_edk2.h diff --git a/MAINTAINERS b/MAINTAINERS index d32c5c2313..28de489134 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2262,6 +2262,8 @@ EDK2 Firmware M: Laszlo Ersek M: Philippe Mathieu-Daudé S: Supported +F: hw/firmware/uefi_edk2_crypto_policies.c +F: include/hw/firmware/uefi_edk2.h F: pc-bios/descriptors/??-edk2-*.json F: pc-bios/edk2-* F: roms/Makefile.edk2 diff --git a/hw/Makefile.objs b/hw/Makefile.objs index d770926ba9..c13b6ee0dd 100644 --- a/hw/Makefile.objs +++ b/hw/Makefile.objs @@ -8,6 +8,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += char/ devices-dirs-$(CONFIG_SOFTMMU) += cpu/ devices-dirs-$(CONFIG_SOFTMMU) += display/ devices-dirs-$(CONFIG_SOFTMMU) += dma/ +devices-dirs-$(CONFIG_SOFTMMU) += firmware/ devices-dirs-$(CONFIG_SOFTMMU) += gpio/ devices-dirs-$(CONFIG_HYPERV) += hyperv/ devices-dirs-$(CONFIG_I2C) += i2c/ diff --git a/hw/firmware/Makefile.objs b/hw/firmware/Makefile.objs new file mode 100644 index 0000000000..ea1f6d44df --- /dev/null +++ b/hw/firmware/Makefile.objs @@ -0,0 +1 @@ +common-obj-y += uefi_edk2_crypto_policies.o diff --git a/hw/firmware/uefi_edk2_crypto_policies.c b/hw/firmware/uefi_edk2_crypto_policies.c new file mode 100644 index 0000000000..a0164272ea --- /dev/null +++ b/hw/firmware/uefi_edk2_crypto_policies.c @@ -0,0 +1,209 @@ +/* + * UEFI EDK2 Support + * + * Copyright (c) 2019 Red Hat Inc. + * + * Author: + * Philippe Mathieu-Daudé + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "hw/firmware/uefi_edk2.h" + + +#define TYPE_EDK2_CRYPTO "edk2_crypto" + +#define EDK2_CRYPTO_CLASS(klass) \ + OBJECT_CLASS_CHECK(Edk2CryptoClass, (klass), \ + TYPE_EDK2_CRYPTO) +#define EDK2_CRYPTO_GET_CLASS(obj) \ + OBJECT_GET_CLASS(Edk2CryptoClass, (obj), \ + TYPE_EDK2_CRYPTO) +#define EDK2_CRYPTO(obj) \ + OBJECT_CHECK(Edk2Crypto, (obj), \ + TYPE_EDK2_CRYPTO) + +typedef struct FWCfgHostContent { + /* + * Path to the acceptable ciphersuites and the preferred order from + * the host-side crypto policy. + */ + char *filename; + /* + * Add a new NAMED fw_cfg item as a raw "blob" of the given size. The data + * referenced by the starting pointer is only linked, NOT copied, into the + * data structure of the fw_cfg device. + */ + char *contents; + + size_t contents_length; +} FWCfgHostContent; + +typedef struct Edk2Crypto { + Object parent_obj; + + /* + * Path to the acceptable ciphersuites and the preferred order from + * the host-side crypto policy. + */ + FWCfgHostContent ciphers; + /* Path to the trusted CA certificates configured on the host side. */ + FWCfgHostContent cacerts; +} Edk2Crypto; + +typedef struct Edk2CryptoClass { + ObjectClass parent_class; +} Edk2CryptoClass; + +static Edk2Crypto *edk2_crypto_by_policy_id(const char *policy_id, Error **errp) +{ + Object *obj; + + obj = object_resolve_path_component(object_get_objects_root(), policy_id); + if (!obj) { + error_setg(errp, "Cannot find EDK2 crypto policy ID %s", policy_id); + return NULL; + } + + if (!object_dynamic_cast(obj, TYPE_EDK2_CRYPTO)) { + error_setg(errp, "Object '%s' is not a EDK2 crypto subclass", + policy_id); + return NULL; + } + + return EDK2_CRYPTO(obj); +} + +static void edk2_crypto_prop_set_ciphers(Object *obj, const char *value, + Error **errp G_GNUC_UNUSED) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + g_free(s->ciphers.filename); + s->ciphers.filename = g_strdup(value); +} + +static char *edk2_crypto_prop_get_ciphers(Object *obj, + Error **errp G_GNUC_UNUSED) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + return g_strdup(s->ciphers.filename); +} + +static void edk2_crypto_prop_set_cacerts(Object *obj, const char *value, + Error **errp G_GNUC_UNUSED) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + g_free(s->cacerts.filename); + s->cacerts.filename = g_strdup(value); +} + +static char *edk2_crypto_prop_get_cacerts(Object *obj, + Error **errp G_GNUC_UNUSED) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + return g_strdup(s->cacerts.filename); +} + +static void edk2_crypto_complete(UserCreatable *uc, Error **errp) +{ + Edk2Crypto *s = EDK2_CRYPTO(uc); + Error *local_err = NULL; + GError *gerr = NULL; + + if (s->ciphers.filename) { + if (!g_file_get_contents(s->ciphers.filename, &s->ciphers.contents, + &s->ciphers.contents_length, &gerr)) { + goto report_error; + } + } + if (s->cacerts.filename) { + if (!g_file_get_contents(s->cacerts.filename, &s->cacerts.contents, + &s->cacerts.contents_length, &gerr)) { + goto report_error; + } + } + return; + + report_error: + error_setg(&local_err, "%s", gerr->message); + g_error_free(gerr); + error_propagate_prepend(errp, local_err, "EDK2 crypto policy: "); +} + +static void edk2_crypto_finalize(Object *obj) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + g_free(s->ciphers.filename); + g_free(s->ciphers.contents); + g_free(s->cacerts.filename); + g_free(s->cacerts.contents); +} + +static void edk2_crypto_class_init(ObjectClass *oc, void *data) +{ + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); + + ucc->complete = edk2_crypto_complete; + + object_class_property_add_str(oc, "ciphers", + edk2_crypto_prop_get_ciphers, + edk2_crypto_prop_set_ciphers, + NULL); + object_class_property_add_str(oc, "cacerts", + edk2_crypto_prop_get_cacerts, + edk2_crypto_prop_set_cacerts, + NULL); +} + +static const TypeInfo edk2_crypto_info = { + .parent = TYPE_OBJECT, + .name = TYPE_EDK2_CRYPTO, + .instance_size = sizeof(Edk2Crypto), + .instance_finalize = edk2_crypto_finalize, + .class_size = sizeof(Edk2CryptoClass), + .class_init = edk2_crypto_class_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void edk2_crypto_register_types(void) +{ + type_register_static(&edk2_crypto_info); +} + +type_init(edk2_crypto_register_types); + +static void edk2_add_host_crypto_policy_https(FWCfgState *fw_cfg) +{ + Edk2Crypto *s; + + s = edk2_crypto_by_policy_id("https", NULL); + if (!s) { + return; + } + if (s->ciphers.contents_length) { + fw_cfg_add_file(fw_cfg, "etc/edk2/https/ciphers", + s->ciphers.contents, s->ciphers.contents_length); + } + if (s->cacerts.contents_length) { + fw_cfg_add_file(fw_cfg, "etc/edk2/https/cacerts", + s->cacerts.contents, s->cacerts.contents_length); + } +} + +void edk2_add_host_crypto_policy(FWCfgState *fw_cfg) +{ + edk2_add_host_crypto_policy_https(fw_cfg); +} diff --git a/include/hw/firmware/uefi_edk2.h b/include/hw/firmware/uefi_edk2.h new file mode 100644 index 0000000000..f8f81c5cb2 --- /dev/null +++ b/include/hw/firmware/uefi_edk2.h @@ -0,0 +1,30 @@ +/* + * UEFI EDK2 Support + * + * Copyright (c) 2019 Red Hat Inc. + * + * Author: + * Philippe Mathieu-Daudé + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_FIRMWARE_UEFI_EDK2_H +#define HW_FIRMWARE_UEFI_EDK2_H + +#include "hw/nvram/fw_cfg.h" + +/** + * edk2_add_host_crypto_policy: + * @fw_cfg: fw_cfg device being modified + * + * Add a new named file containing the host crypto policy. + * + * This method is called by the machine_done() Notifier of + * some implementations of MachineState, currently the X86 + * PCMachineState and the ARM VirtMachineState. + */ +void edk2_add_host_crypto_policy(FWCfgState *fw_cfg); + +#endif /* HW_FIRMWARE_UEFI_EDK2_H */ From patchwork Thu Jun 20 12:21:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 11006599 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1CE4314B6 for ; Thu, 20 Jun 2019 12:48:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0CD6A27F97 for ; Thu, 20 Jun 2019 12:48:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F352028346; Thu, 20 Jun 2019 12:48:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8CB8E27F97 for ; Thu, 20 Jun 2019 12:48:28 +0000 (UTC) Received: from localhost ([::1]:47430 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hdwUN-00075D-T6 for patchwork-qemu-devel@patchwork.kernel.org; Thu, 20 Jun 2019 08:48:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34998) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hdw54-0004It-38 for qemu-devel@nongnu.org; Thu, 20 Jun 2019 08:22:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hdw4z-0007cP-Kz for qemu-devel@nongnu.org; Thu, 20 Jun 2019 08:22:17 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48924) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hdw4i-0007AQ-Nm; Thu, 20 Jun 2019 08:21:58 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 551777FDF4; Thu, 20 Jun 2019 12:21:48 +0000 (UTC) Received: from x1w.redhat.com (ovpn-204-106.brq.redhat.com [10.40.204.106]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 62FB35D9C6; Thu, 20 Jun 2019 12:21:45 +0000 (UTC) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org, Laszlo Ersek Date: Thu, 20 Jun 2019 14:21:31 +0200 Message-Id: <20190620122132.10075-3-philmd@redhat.com> In-Reply-To: <20190620122132.10075-1-philmd@redhat.com> References: <20190620122132.10075-1-philmd@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Thu, 20 Jun 2019 12:21:48 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 2/3] hw/i386: Use edk2_add_host_crypto_policy() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Andrew Jones , Eduardo Habkost , "Michael S. Tsirkin" , Markus Armbruster , qemu-arm@nongnu.org, Paolo Bonzini , =?utf-8?q?Philipp?= =?utf-8?q?e_Mathieu-Daud=C3=A9?= , Richard Henderson Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP Enable the EDK2 Crypto Policy features on the PC machine. Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Laszlo Ersek --- hw/i386/pc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 2c5446b095..fe99ebfe3d 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -39,6 +39,7 @@ #include "hw/nvram/fw_cfg.h" #include "hw/timer/hpet.h" #include "hw/firmware/smbios.h" +#include "hw/firmware/uefi_edk2.h" #include "hw/loader.h" #include "elf.h" #include "multiboot.h" @@ -1049,6 +1050,11 @@ static FWCfgState *bochs_bios_init(AddressSpace *as, PCMachineState *pcms) return fw_cfg; } +static void pc_uefi_setup(PCMachineState *pcms) +{ + edk2_add_host_crypto_policy(pcms->fw_cfg); +} + static long get_file_size(FILE *f) { long where, size; @@ -1653,6 +1659,7 @@ void pc_machine_done(Notifier *notifier, void *data) if (pcms->fw_cfg) { pc_build_smbios(pcms); pc_build_feature_control_file(pcms); + pc_uefi_setup(pcms); /* update FW_CFG_NB_CPUS to account for -device added CPUs */ fw_cfg_modify_i16(pcms->fw_cfg, FW_CFG_NB_CPUS, pcms->boot_cpus); } From patchwork Thu Jun 20 12:21:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 11006581 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EA3F5112C for ; Thu, 20 Jun 2019 12:30:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D72D9286BD for ; Thu, 20 Jun 2019 12:30:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C65DC286E3; Thu, 20 Jun 2019 12:30:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7D49A286BD for ; Thu, 20 Jun 2019 12:30:04 +0000 (UTC) Received: from localhost ([::1]:47312 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hdwCZ-0001jT-EL for patchwork-qemu-devel@patchwork.kernel.org; Thu, 20 Jun 2019 08:30:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34975) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hdw4z-0004Hp-QS for qemu-devel@nongnu.org; Thu, 20 Jun 2019 08:22:17 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hdw4v-0007YJ-UW for qemu-devel@nongnu.org; Thu, 20 Jun 2019 08:22:13 -0400 Received: from mx1.redhat.com ([209.132.183.28]:60890) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hdw4o-0007Dk-LK; Thu, 20 Jun 2019 08:22:02 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4C18B7CB87; Thu, 20 Jun 2019 12:21:51 +0000 (UTC) Received: from x1w.redhat.com (ovpn-204-106.brq.redhat.com [10.40.204.106]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C09E85D9D2; Thu, 20 Jun 2019 12:21:48 +0000 (UTC) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org, Laszlo Ersek Date: Thu, 20 Jun 2019 14:21:32 +0200 Message-Id: <20190620122132.10075-4-philmd@redhat.com> In-Reply-To: <20190620122132.10075-1-philmd@redhat.com> References: <20190620122132.10075-1-philmd@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Thu, 20 Jun 2019 12:21:51 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 3/3] hw/arm/virt: Use edk2_add_host_crypto_policy() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Andrew Jones , Eduardo Habkost , "Michael S. Tsirkin" , Markus Armbruster , qemu-arm@nongnu.org, Paolo Bonzini , =?utf-8?q?Philipp?= =?utf-8?q?e_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP Enable the EDK2 Crypto Policy features on the Virt machine. Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Laszlo Ersek --- hw/arm/virt.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 431e2900fd..15727b3d59 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -59,6 +59,7 @@ #include "hw/intc/arm_gicv3_common.h" #include "kvm_arm.h" #include "hw/firmware/smbios.h" +#include "hw/firmware/uefi_edk2.h" #include "qapi/visitor.h" #include "standard-headers/linux/input.h" #include "hw/arm/smmuv3.h" @@ -1355,6 +1356,11 @@ static void virt_build_smbios(VirtMachineState *vms) } } +static void virt_uefi_setup(VirtMachineState *vms) +{ + edk2_add_host_crypto_policy(vms->fw_cfg); +} + static void virt_machine_done(Notifier *notifier, void *data) { @@ -1383,6 +1389,7 @@ void virt_machine_done(Notifier *notifier, void *data) virt_acpi_setup(vms); virt_build_smbios(vms); + virt_uefi_setup(vms); } static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)