From patchwork Wed Nov 24 14:31:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 12636997 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51968C43217 for ; Wed, 24 Nov 2021 14:31:36 +0000 (UTC) Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2]) by mx.groups.io with SMTP id smtpd.web10.6781.1637764294981170814 for ; Wed, 24 Nov 2021 06:31:35 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: siemens.com, ip: 192.35.17.2, mailfrom: quirin.gylstorff@siemens.com) Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id 1AOEVWqn026478 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 24 Nov 2021 15:31:32 +0100 Received: from md2dvrtc.fritz.box ([139.22.38.174]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 1AOEVVLQ022964; Wed, 24 Nov 2021 15:31:32 +0100 From: "Q. Gylstorff" To: jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Subject: [PATCH v2 1/3] start-qemu.sh: set bootindex for SECURE_BOOT Date: Wed, 24 Nov 2021 15:31:29 +0100 Message-Id: <20211124143131.939349-2-Quirin.Gylstorff@siemens.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211124143131.939349-1-Quirin.Gylstorff@siemens.com> References: <20211124143131.939349-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 24 Nov 2021 14:31:36 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/7001 From: Quirin Gylstorff Set the bootindex to avoid booting into the default uefi shell. 
Signed-off-by: Quirin Gylstorff --- start-qemu.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/start-qemu.sh b/start-qemu.sh index 3f62257..2c0a751 100755 --- a/start-qemu.sh +++ b/start-qemu.sh @@ -39,8 +39,14 @@ case "$1" in -cpu qemu64 \ -smp 4 \ -machine q35,accel=kvm:tcg \ - -device ide-hd,drive=disk \ -device virtio-net-pci,netdev=net" + if [ -n "${SECURE_BOOT}" ]; then + QEMU_EXTRA_ARGS=" \ + ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0" + else + QEMU_EXTRA_ARGS=" \ + ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk" + fi KERNEL_CMDLINE=" \ root=/dev/sda" ;; From patchwork Wed Nov 24 14:31:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 12636995 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BB93C4321E for ; Wed, 24 Nov 2021 14:31:37 +0000 (UTC) Received: from goliath.siemens.de (goliath.siemens.de [192.35.17.28]) by mx.groups.io with SMTP id smtpd.web08.6698.1637764295713034963 for ; Wed, 24 Nov 2021 06:31:36 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: siemens.com, ip: 192.35.17.28, mailfrom: quirin.gylstorff@siemens.com) Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id 1AOEVWiv008616 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 24 Nov 2021 15:31:33 +0100 Received: from md2dvrtc.fritz.box ([139.22.38.174]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 1AOEVVLR022964; Wed, 24 Nov 2021 15:31:32 +0100 
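Review bot: in patch 1/3 the new if/else carries two nearly identical '-device ide-hd,drive=disk' lines that differ only in ',bootindex=0'. Because the non-Secure-Boot path is started with -kernel/-initrd, where the firmware boot order plays no role, bootindex=0 could be appended unconditionally and the branch dropped, which also fits the "same behavior for secure boot and non secure boot images" goal of patch 3/3. If the split is intentional, the commit message should say why, and it should state that bootindex only orders OVMF's boot entries: the built-in UEFI shell stays selectable from the firmware boot menu, so the change fixes the default boot target rather than removing the shell.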
From: "Q. Gylstorff" To: jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Subject: [PATCH v2 2/3] start-qemu.sh: parse .config.yaml for ease of use Date: Wed, 24 Nov 2021 15:31:30 +0100 Message-Id: <20211124143131.939349-3-Quirin.Gylstorff@siemens.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211124143131.939349-1-Quirin.Gylstorff@siemens.com> References: <20211124143131.939349-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 24 Nov 2021 14:31:37 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/7003 From: Quirin Gylstorff Suggested-by: Jan Kiszka Signed-off-by: Quirin Gylstorff --- README.md | 6 ++++-- start-qemu.sh | 16 +++++++++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 53ef679..bd707a4 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,10 @@ Run, e.g., ./start-qemu.sh x86 -when having built a QEMU AMD64 image. A security image for QEMU can be started -like this: +when having built a QEMU AMD64 image. Using the image configuration menu will +initialize variables used by start-qemu.sh with fitting defaults. + +A security image for QEMU can be started like this: TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86 diff --git a/start-qemu.sh b/start-qemu.sh index 2c0a751..94c3611 100755 --- a/start-qemu.sh +++ b/start-qemu.sh 
@@ -20,15 +20,29 @@ usage() exit 1 } +if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then + SECURE_BOOT="true" +fi + if [ -n "${QEMU_PATH}" ]; then QEMU_PATH="${QEMU_PATH}/" fi if [ -z "${DISTRO_RELEASE}" ]; then - DISTRO_RELEASE="buster" + if grep -s -q "DEBIAN_BULLSEYE: true" .config.yaml; then + DISTRO_RELEASE="bullseye" + elif grep -s -q "DEBIAN_STRETCH: true" .config.yaml; then + DISTRO_RELEASE="stretch" + else + DISTRO_RELEASE="buster" + fi fi + if [ -z "${TARGET_IMAGE}" ];then TARGET_IMAGE="cip-core-image" + if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then + TARGET_IMAGE="cip-core-image-security" + fi fi case "$1" in From patchwork Wed Nov 24 14:31:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 12636993 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4507EC4332F for ; Wed, 24 Nov 2021 14:31:36 +0000 (UTC) Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by mx.groups.io with SMTP id smtpd.web12.6861.1637764294978170103 for ; Wed, 24 Nov 2021 06:31:35 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: siemens.com, ip: 192.35.17.14, mailfrom: quirin.gylstorff@siemens.com) Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id 1AOEVXTm017735 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 24 Nov 2021 15:31:33 +0100 Received: from md2dvrtc.fritz.box ([139.22.38.174]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 1AOEVVLS022964; Wed, 24 Nov 2021 15:31:32 +0100 
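Review bot: the README hunk says the image configuration menu initializes variables "with fitting defaults" but does not name the file or the keys start-qemu.sh reads; one sentence listing .config.yaml and the keys consulted (IMAGE_SECURE_BOOT, DEBIAN_BULLSEYE, DEBIAN_STRETCH, IMAGE_SECURITY), and that DISTRO_RELEASE and TARGET_IMAGE set in the environment still take precedence, would let users predict which image gets started.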
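Review bot: the start-qemu.sh hunk greps .config.yaml for an unanchored substring and relative to the current directory. 'grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml' also matches a commented-out or indented line, and with -s a missing file (for example when the script is run from outside the build directory) is silently treated as "all false", so the script falls back to buster/cip-core-image without any hint. Anchoring the pattern (e.g. '^IMAGE_SECURE_BOOT: true') and resolving the file next to the script via "$(dirname "$0")/.config.yaml", or warning when it is absent, would make the selection robust. Also, unlike DISTRO_RELEASE and TARGET_IMAGE, the SECURE_BOOT assignment has no '[ -z ... ]' guard and the later test is '-n', so Secure Boot cannot be switched off from the environment once the config enables it; documenting that the config wins here would avoid surprises.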
From: "Q. Gylstorff" To: jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Subject: [PATCH v2 3/3] start-qemu.sh: Simplify qemu call Date: Wed, 24 Nov 2021 15:31:31 +0100 Message-Id: <20211124143131.939349-4-Quirin.Gylstorff@siemens.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211124143131.939349-1-Quirin.Gylstorff@siemens.com> References: <20211124143131.939349-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 24 Nov 2021 14:31:36 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/7002 From: Quirin Gylstorff Move qemu call out of if clause to avoid code duplications and use the same behavior for secure boot and non secure boot images. Signed-off-by: Quirin Gylstorff --- start-qemu.sh | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/start-qemu.sh b/start-qemu.sh index 94c3611..a92e9f4 100755 --- a/start-qemu.sh +++ b/start-qemu.sh 
@@ -123,18 +123,16 @@ if [ -n "${SECURE_BOOT}" ]; then BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \ -drive if=pflash,format=raw,file=${ovmf_vars} \ -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw" - ${QEMU_PATH}${QEMU} \ - -m 1G -serial mon:stdio -netdev user,id=net \ - ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@" else IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img) KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1) INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1) - ${QEMU_PATH}${QEMU} \ - -m 1G -serial mon:stdio -netdev user,id=net \ - -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \ + BOOT_FILES="-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \ -kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \ - -initrd ${INITRD_FILE} ${QEMU_EXTRA_ARGS} "$@" + -initrd ${INITRD_FILE}" fi +${QEMU_PATH}${QEMU} \ + -m 1G -serial mon:stdio -netdev user,id=net \ + ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
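Review bot: the else branch of this hunk moves '-append "${KERNEL_CMDLINE}"' into the double-quoted BOOT_FILES string, where the inner quotes close and reopen the string instead of protecting the value, and the unified call then expands ${BOOT_FILES} unquoted. The kernel command line is therefore word-split: a KERNEL_CMDLINE with more than one parameter has only its first word passed to -append and the rest handed to QEMU as stray arguments, a regression against the old per-branch call that quoted -append directly. Since the shared call already passes "$@", the direct-boot options could be prepended to the positional parameters in the else branch, e.g. 'set -- -kernel "${KERNEL_FILE}" -append "${KERNEL_CMDLINE}" -initrd "${INITRD_FILE}" "$@"', so that each argument reaches QEMU intact while BOOT_FILES keeps only the -drive options.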