From 8d9b2ba3738c9447c1cdea9ea1b81eee3ffe00f4 Mon Sep 17 00:00:00 2001
Message-Id: <8d9b2ba3738c9447c1cdea9ea1b81eee3ffe00f4@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 5 Aug 2016 14:35:26 +0200
Subject: [PATCH] Introduce @secure attribute to os loader element
https://bugzilla.redhat.com/show_bug.cgi?id=1304483
This element will control secure boot implemented by some
firmwares. If the firmware used in <loader/> does support the
feature we must tell it to the underlying hypervisor. However, we
can't know whether loader does support it or not just by looking
at the file. Therefore we have to have an attribute to the
element where users can tell us whether the firmware is secure
boot enabled or not.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 64c24800437ee372d228103291626705892c3ad9)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
docs/formatdomain.html.in | 7 ++--
docs/schemas/domaincommon.rng | 8 +++++
src/conf/domain_conf.c | 14 ++++++++
src/conf/domain_conf.h | 1 +
.../qemuxml2argv-bios-nvram-secure.xml | 41 ++++++++++++++++++++++
5 files changed, 69 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 4d4d601..c2e261d 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -102,7 +102,7 @@
...
<os>
<type>hvm</type>
- <loader readonly='yes' type='rom'>/usr/lib/xen/boot/hvmloader</loader>
+ <loader readonly='yes' secure='no' type='rom'>/usr/lib/xen/boot/hvmloader</loader>
<nvram template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/nvram/guest_VARS.fd</nvram>
<boot dev='hd'/>
<boot dev='cdrom'/>
@@ -140,7 +140,10 @@
<code>pflash</code>. It tells the hypervisor where in the guest
memory the file should be mapped. For instance, if the loader
path points to an UEFI image, <code>type</code> should be
- <code>pflash</code>.</dd>
+ <code>pflash</code>. Moreover, some firmwares may
+ implement the Secure boot feature. Attribute
+ <code>secure</code> can be used then to control it.
+ <span class="since">Since 2.1.0</span></dd>
<dt><code>nvram</code></dt>
<dd>Some UEFI firmwares may want to use a non-volatile memory to store
some variables. In the host, this is represented as a file and the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 3960a98..497597c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -260,6 +260,14 @@
</attribute>
</optional>
<optional>
+ <attribute name="secure">
+ <choice>
+ <value>yes</value>
+ <value>no</value>
+ </choice>
+ </attribute>
+ </optional>
+ <optional>
<attribute name="type">
<choice>
<value>rom</value>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c02c821..715ca2b 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15371,9 +15371,11 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
{
int ret = -1;
char *readonly_str = NULL;
+ char *secure_str = NULL;
char *type_str = NULL;
readonly_str = virXMLPropString(node, "readonly");
+ secure_str = virXMLPropString(node, "secure");
type_str = virXMLPropString(node, "type");
loader->path = (char *) xmlNodeGetContent(node);
@@ -15384,6 +15386,13 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
goto cleanup;
}
+ if (secure_str &&
+ (loader->secure = virTristateBoolTypeFromString(secure_str)) <= 0) {
+ virReportError(VIR_ERR_XML_DETAIL,
+ _("unknown secure value: %s"), secure_str);
+ goto cleanup;
+ }
+
if (type_str) {
int type;
if ((type = virDomainLoaderTypeFromString(type_str)) < 0) {
@@ -15397,6 +15406,7 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
ret = 0;
cleanup:
VIR_FREE(readonly_str);
+ VIR_FREE(secure_str);
VIR_FREE(type_str);
return ret;
}
@@ -22512,6 +22522,7 @@ virDomainLoaderDefFormat(virBufferPtr buf,
virDomainLoaderDefPtr loader)
{
const char *readonly = virTristateBoolTypeToString(loader->readonly);
+ const char *secure = virTristateBoolTypeToString(loader->secure);
const char *type = virDomainLoaderTypeToString(loader->type);
virBufferAddLit(buf, "<loader");
@@ -22519,6 +22530,9 @@ virDomainLoaderDefFormat(virBufferPtr buf,
if (loader->readonly)
virBufferAsprintf(buf, " readonly='%s'", readonly);
+ if (loader->secure)
+ virBufferAsprintf(buf, " secure='%s'", secure);
+
virBufferAsprintf(buf, " type='%s'>", type);
virBufferEscapeString(buf, "%s</loader>\n", loader->path);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 88b0122..6eed30e 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1731,6 +1731,7 @@ struct _virDomainLoaderDef {
char *path;
int readonly; /* enum virTristateBool */
virDomainLoader type;
+ int secure; /* enum virTristateBool */
char *nvram; /* path to non-volatile RAM */
char *templt; /* user override of path to master nvram */
};
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml b/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
new file mode 100644
index 0000000..0ddddfe3
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
@@ -0,0 +1,41 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-q35-2.5'>hvm</type>
+ <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
+ <nvram>/usr/share/OVMF/OVMF_VARS.fd</nvram>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ <smm state='on'/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='sda' bus='scsi'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='scsi' index='0'/>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <serial type='pty'>
+ <target port='0'/>
+ </serial>
+ <console type='pty'>
+ <target type='serial' port='0'/>
+ </console>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
--
2.9.2