[PATCH 0/5] x86/loader: secure boot support for direct kernel load
From: Gerd Hoffmann
Subject: [PATCH 0/5] x86/loader: secure boot support for direct kernel load
Date: Thu, 11 Apr 2024 11:48:24 +0200

This series allows booting Linux kernels and other EFI binaries via
direct kernel load with secure boot enabled.

The series adds two new fw_cfg files: 'etc/boot/kernel' contains the
kernel without modifications (no setup header patching), and
'etc/boot/shim' contains shim.

The path to the shim binary can be passed to qemu using the new '-shim'
command line switch.

This needs a companion patch series for tianocore which will put the new
fw_cfg files into use; a draft of that series can be found here:
https://github.com/kraxel/edk2/commits/devel/direct-secure-boot/

With everything in place it is possible to use direct kernel load with
secure boot enabled.

take care,
  Gerd

Gerd Hoffmann (5):
  vl: fix qemu_validate_options() indention
  x86/loader: only patch linux kernels
  x86/loader: read complete kernel
  x86/loader: expose unpatched kernel
  x86/loader: add -shim option

 include/hw/boards.h |  1 +
 hw/core/machine.c   | 20 ++++++++++++++++++++
 hw/i386/x86.c       | 32 ++++++++++++++++++++++++++------
 system/vl.c         | 25 +++++++++++++++++--------
 qemu-options.hx     |  7 +++++++
 5 files changed, 71 insertions(+), 14 deletions(-)

-- 
2.44.0
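
A guest-side check of the two fw_cfg files described above, added here as an example and not part of the posted series: it confirms that 'etc/boot/kernel' and 'etc/boot/shim' are byte-identical to the files the host passed in, which is the property signature verification depends on. It assumes a Linux guest with the qemu_fw_cfg sysfs driver loaded and an expected SHA-256 computed on the host; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the patch series). Assumption: the guest exposes
# fw_cfg through the Linux qemu_fw_cfg sysfs driver at the path below.
FW_CFG_ROOT="${FW_CFG_ROOT:-/sys/firmware/qemu_fw_cfg/by_name}"

# fw_cfg_sha256 NAME: print the SHA-256 of a fw_cfg file; return 2 if absent.
fw_cfg_sha256() {
    raw="$FW_CFG_ROOT/$1/raw"
    [ -r "$raw" ] || return 2
    sha256sum < "$raw" | cut -d' ' -f1
}

# is_pe_image NAME: EFI binaries (shim, EFI-stub kernels) start with "MZ".
is_pe_image() {
    raw="$FW_CFG_ROOT/$1/raw"
    [ -r "$raw" ] || return 2
    [ "$(head -c 2 "$raw")" = "MZ" ]
}

# verify_fw_cfg NAME EXPECTED_SHA256
# Returns 0 when the blob matches the hash taken on the host, 1 on mismatch
# (for example a kernel whose setup header was patched), 2 when it is missing.
verify_fw_cfg() {
    actual=$(fw_cfg_sha256 "$1") || return 2
    [ "$actual" = "$2" ] || return 1
}

# Stand-alone use: ./check.sh etc/boot/kernel <sha256 of the host's kernel file>
if [ "$#" -eq 2 ]; then
    rc=0
    verify_fw_cfg "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "$1: matches host file" ;;
        1) echo "$1: differs from host file" ;;
        *) echo "$1: not present in fw_cfg" ;;
    esac
    exit "$rc"
fi
```

On the host, the expected value is the output of `sha256sum` on the file given to `-kernel` or `-shim`.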