cryptospore / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone
ae23c9
From 4a1515fe8a1343c66ca3a889897568f13eedd7f3 Mon Sep 17 00:00:00 2001
ae23c9
From: Thomas Huth <thuth@redhat.com>
ae23c9
Date: Wed, 8 May 2019 13:37:49 +0100
ae23c9
Subject: [PATCH] s390-bios: Skip bootmap signature entries
ae23c9
ae23c9
RH-Author: Thomas Huth <thuth@redhat.com>
ae23c9
Message-id: <20190508133749.11555-2-thuth@redhat.com>
ae23c9
Patchwork-id: 87209
ae23c9
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] s390-bios: Skip bootmap signature entries
ae23c9
Bugzilla: 1683275
ae23c9
RH-Acked-by: David Hildenbrand <david@redhat.com>
ae23c9
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
ae23c9
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
ae23c9
ae23c9
From: "Jason J. Herne" <jjherne@linux.ibm.com>
ae23c9
ae23c9
Newer versions of zipl have the ability to write signature entries to the boot
ae23c9
script for secure boot. We don't yet support secure boot, but we need to skip
ae23c9
over signature entries while reading the boot script in order to maintain our
ae23c9
ability to boot guest operating systems that have a secure bootloader.
ae23c9
ae23c9
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
ae23c9
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
ae23c9
Message-Id: <1556543381-12671-1-git-send-email-jjherne@linux.ibm.com>
ae23c9
Signed-off-by: Thomas Huth <thuth@redhat.com>
ae23c9
(cherry picked from commit 2497b4a3c08426122d1a89b808c669a734469e5a)
ae23c9
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
ae23c9
---
ae23c9
 pc-bios/s390-ccw/bootmap.c | 19 +++++++++++++++++--
ae23c9
 pc-bios/s390-ccw/bootmap.h | 10 ++++++----
ae23c9
 2 files changed, 23 insertions(+), 6 deletions(-)
ae23c9
ae23c9
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
ae23c9
index e41e715..ffbf671 100644
ae23c9
--- a/pc-bios/s390-ccw/bootmap.c
ae23c9
+++ b/pc-bios/s390-ccw/bootmap.c
ae23c9
@@ -309,7 +309,14 @@ static void run_eckd_boot_script(block_number_t bmt_block_nr,
ae23c9
     memset(sec, FREE_SPACE_FILLER, sizeof(sec));
ae23c9
     read_block(block_nr, sec, "Cannot read Boot Map Script");
ae23c9
 
ae23c9
-    for (i = 0; bms->entry[i].type == BOOT_SCRIPT_LOAD; i++) {
ae23c9
+    for (i = 0; bms->entry[i].type == BOOT_SCRIPT_LOAD ||
ae23c9
+                bms->entry[i].type == BOOT_SCRIPT_SIGNATURE; i++) {
ae23c9
+
ae23c9
+        /* We don't support secure boot yet, so we skip signature entries */
ae23c9
+        if (bms->entry[i].type == BOOT_SCRIPT_SIGNATURE) {
ae23c9
+            continue;
ae23c9
+        }
ae23c9
+
ae23c9
         address = bms->entry[i].address.load_address;
ae23c9
         block_nr = eckd_block_num(&bms->entry[i].blkptr.xeckd.bptr.chs);
ae23c9
 
ae23c9
@@ -544,7 +551,15 @@ static void zipl_run(ScsiBlockPtr *pte)
ae23c9
 
ae23c9
     /* Load image(s) into RAM */
ae23c9
     entry = (ComponentEntry *)(&header[1]);
ae23c9
-    while (entry->component_type == ZIPL_COMP_ENTRY_LOAD) {
ae23c9
+    while (entry->component_type == ZIPL_COMP_ENTRY_LOAD ||
ae23c9
+           entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
ae23c9
+
ae23c9
+        /* We don't support secure boot yet, so we skip signature entries */
ae23c9
+        if (entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
ae23c9
+            entry++;
ae23c9
+            continue;
ae23c9
+        }
ae23c9
+
ae23c9
         zipl_load_segment(entry);
ae23c9
 
ae23c9
         entry++;
ae23c9
diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
ae23c9
index 732c111..f1ce423 100644
ae23c9
--- a/pc-bios/s390-ccw/bootmap.h
ae23c9
+++ b/pc-bios/s390-ccw/bootmap.h
ae23c9
@@ -98,8 +98,9 @@ typedef struct ScsiMbr {
ae23c9
 #define ZIPL_COMP_HEADER_IPL    0x00
ae23c9
 #define ZIPL_COMP_HEADER_DUMP   0x01
ae23c9
 
ae23c9
-#define ZIPL_COMP_ENTRY_LOAD    0x02
ae23c9
-#define ZIPL_COMP_ENTRY_EXEC    0x01
ae23c9
+#define ZIPL_COMP_ENTRY_EXEC      0x01
ae23c9
+#define ZIPL_COMP_ENTRY_LOAD      0x02
ae23c9
+#define ZIPL_COMP_ENTRY_SIGNATURE 0x03
ae23c9
 
ae23c9
 typedef struct XEckdMbr {
ae23c9
     uint8_t magic[4];   /* == "xIPL"        */
ae23c9
@@ -117,8 +118,9 @@ typedef struct BootMapScriptEntry {
ae23c9
     BootMapPointer blkptr;
ae23c9
     uint8_t pad[7];
ae23c9
     uint8_t type;   /* == BOOT_SCRIPT_* */
ae23c9
-#define BOOT_SCRIPT_EXEC 0x01
ae23c9
-#define BOOT_SCRIPT_LOAD 0x02
ae23c9
+#define BOOT_SCRIPT_EXEC      0x01
ae23c9
+#define BOOT_SCRIPT_LOAD      0x02
ae23c9
+#define BOOT_SCRIPT_SIGNATURE 0x03
ae23c9
     union {
ae23c9
         uint64_t load_address;
ae23c9
         uint64_t load_psw;
ae23c9
-- 
ae23c9
1.8.3.1
ae23c9