From 8d9b2ba3738c9447c1cdea9ea1b81eee3ffe00f4 Mon Sep 17 00:00:00 2001
Message-Id: <8d9b2ba3738c9447c1cdea9ea1b81eee3ffe00f4@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 5 Aug 2016 14:35:26 +0200
Subject: [PATCH] Introduce @secure attribute to os loader element
https://bugzilla.redhat.com/show_bug.cgi?id=1304483
This element will control secure boot implemented by some
firmwares. If the firmware used in <loader/> does support the
feature we must tell it to the underlying hypervisor. However, we
can't know whether loader does support it or not just by looking
at the file. Therefore we have to have an attribute to the
element where users can tell us whether the firmware is secure
boot enabled or not.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 64c24800437ee372d228103291626705892c3ad9)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
docs/formatdomain.html.in | 7 ++--
docs/schemas/domaincommon.rng | 8 +++++
src/conf/domain_conf.c | 14 ++++++++
src/conf/domain_conf.h | 1 +
.../qemuxml2argv-bios-nvram-secure.xml | 41 ++++++++++++++++++++++
5 files changed, 69 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
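diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 4d4d601..c2e261d 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -102,7 +102,7 @@
 ...
 <os>
 <type>hvm</type>
- <loader readonly='yes' type='rom'>/usr/lib/xen/boot/hvmloader</loader>
+ <loader readonly='yes' secure='no' type='rom'>/usr/lib/xen/boot/hvmloader</loader>
 <nvram template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/nvram/guest_VARS.fd</nvram>
 <boot dev='hd'/>
 <boot dev='cdrom'/>
@@ -140,7 +140,10 @@
 pflash . It tells the hypervisor where in the guest
 memory the file should be mapped. For instance, if the loader
 path points to an UEFI image, type should be
- pflash .
+ pflash . Moreover, some firmwares may
+ implement the Secure boot feature. Attribute
+ secure can be used then to control it.
+ Since 2.1.0
 nvram
 Some UEFI firmwares may want to use a non-volatile memory to store
 some variables. In the host, this is represented as a file and the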
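diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 3960a98..497597c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -260,6 +260,14 @@
 </attribute>
 </optional>
 <optional>
+ <attribute name="secure">
+ <choice>
+ <value>yes</value>
+ <value>no</value>
+ </choice>
+ </attribute>
+ </optional>
+ <optional>
 <attribute name="type">
 <choice>
 <value>rom</value>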
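diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c02c821..715ca2b 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15371,9 +15371,11 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
 {
 int ret = -1;
 char *readonly_str = NULL;
+ char *secure_str = NULL;
 char *type_str = NULL;
 
 readonly_str = virXMLPropString(node, "readonly");
+ secure_str = virXMLPropString(node, "secure");
 type_str = virXMLPropString(node, "type");
 loader->path = (char *) xmlNodeGetContent(node);
 
@@ -15384,6 +15386,13 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
 goto cleanup;
 }
 
+ if (secure_str &&
+ (loader->secure = virTristateBoolTypeFromString(secure_str)) <= 0) {
+ virReportError(VIR_ERR_XML_DETAIL,
+ _("unknown secure value: %s"), secure_str);
+ goto cleanup;
+ }
+
 if (type_str) {
 int type;
 if ((type = virDomainLoaderTypeFromString(type_str)) < 0) {
@@ -15397,6 +15406,7 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
 ret = 0;
 cleanup:
 VIR_FREE(readonly_str);
+ VIR_FREE(secure_str);
 VIR_FREE(type_str);
 return ret;
 }
@@ -22512,6 +22522,7 @@ virDomainLoaderDefFormat(virBufferPtr buf,
 virDomainLoaderDefPtr loader)
 {
 const char *readonly = virTristateBoolTypeToString(loader->readonly);
+ const char *secure = virTristateBoolTypeToString(loader->secure);
 const char *type = virDomainLoaderTypeToString(loader->type);
 
 virBufferAddLit(buf, "
@@ -22519,6 +22530,9 @@ virDomainLoaderDefFormat(virBufferPtr buf,
 if (loader->readonly)
 virBufferAsprintf(buf, " readonly='%s'", readonly);
 
+ if (loader->secure)
+ virBufferAsprintf(buf, " secure='%s'", secure);
+
 virBufferAsprintf(buf, " type='%s'>", type);
 
 virBufferEscapeString(buf, "%s</loader>\n", loader->path);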
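Review bot: In virDomainLoaderDefParseXML the new `secure` value is accepted on its own: the visible hunks do not relate it to the loader `type` or any other domain setting, and the diffstat lists no driver change, so as far as this patch shows `secure='yes'` is parsed and formatted back but never enforced. A guest definition can therefore claim secure boot while the firmware or hypervisor setup does not provide it; a comment at the parse site such as `/* secure is a user assertion only; drivers must validate it before relying on it */` would make that explicit until the consuming code lands. Separately, the assignment inside the condition leaves the negative return of virTristateBoolTypeFromString() in `loader->secure` on the error path; parsing into a local first, as the `type` branch below does with `int type;`, avoids storing an invalid tristate. Both function bodies extend beyond the hunks shown.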
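diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 88b0122..6eed30e 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1731,6 +1731,7 @@ struct _virDomainLoaderDef {
 char *path;
 int readonly; /* enum virTristateBool */
 virDomainLoader type;
+ int secure; /* enum virTristateBool */
 char *nvram; /* path to non-volatile RAM */
 char *templt; /* user override of path to master nvram */
 };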
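Review bot: The new field's comment `/* enum virTristateBool */` gives the type but not the meaning, and the meaning matters here: per the commit message libvirt cannot tell from the loader file whether the firmware supports secure boot, so the value is whatever the user declared. I would say so at the field, e.g. `int secure; /* enum virTristateBool; user-declared, not verified against the loader image */`, so later consumers do not treat it as a checked property. The struct definition starts outside the hunk.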
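diff --git a/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml b/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
new file mode 100644
index 0000000..0ddddfe3
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
@@ -0,0 +1,41 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-q35-2.5'>hvm</type>
+ <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
+ <nvram>/usr/share/OVMF/OVMF_VARS.fd</nvram>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ <smm state='on'/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='sda' bus='scsi'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='scsi' index='0'/>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <serial type='pty'>
+ <target port='0'/>
+ </serial>
+ <console type='pty'>
+ <target type='serial' port='0'/>
+ </console>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>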
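Review bot: This fixture appears to be unused by the patch: the diffstat lists no test source change and no expected-output file beside it, so nothing visible here exercises the `secure='yes'` path. Registering it in the matching test would cover the parse and format round-trip. A second fixture with an invalid value such as `secure='maybe'` (constructed example) would pin the `unknown secure value` error path added in domain_conf.c, so a later refactor cannot start accepting unrecognised values silently.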
--
2.9.2