[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-9.2.1 04/41] x86/loader: only patch linux kernels
|
From: |
Michael Tokarev |
|
Subject: |
[Stable-9.2.1 04/41] x86/loader: only patch linux kernels |
|
Date: |
Mon, 27 Jan 2025 17:17:18 +0300 |
From: Gerd Hoffmann <kraxel@redhat.com>
If the binary loaded via -kernel is *not* a linux kernel (in which
case protocol == 0), do not patch the linux kernel header fields.
It's (a) pointless and (b) might break binaries by random patching
and (c) changes the binary hash which in turn breaks secure boot
verification.
Background: OVMF happily loads and runs not only linux kernels but
any efi binary via direct kernel boot.
Note: Breaking the secure boot verification is a problem for linux
kernels too, but fixed that is left for another day ...
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240905141211.1253307-3-kraxel@redhat.com>
(cherry picked from commit 57e2cc9abf5da38f600354fe920ff20e719607b4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index dc031af662..dadc9d99e7 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -945,7 +945,7 @@ void x86_load_linux(X86MachineState *x86ms,
* kernel on the other side of the fw_cfg interface matches the hash of the
* file the user passed in.
*/
- if (!sev_enabled()) {
+ if (!sev_enabled() && protocol > 0) {
memcpy(setup, header, MIN(sizeof(header), setup_size));
}
--
2.39.5
- [Stable-9.2.1 08/41] meson.build: Disallow libnfs v6 to fix the broken macOS build, (continued)
- [Stable-9.2.1 08/41] meson.build: Disallow libnfs v6 to fix the broken macOS build, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 11/41] s390x/s390-virtio-ccw: don't crash on weird RAM sizes, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 06/41] pc-bios: add missing riscv64 descriptor, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 05/41] roms: re-add edk2-basetools target, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 29/41] hw/ufs: Adjust value to match CPU's endian format, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 31/41] backends/cryptodev-vhost-user: Fix local_error leaks, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 35/41] tests: acpi: whitelist expected blobs, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 34/41] pci/msix: Fix msix pba read vector poll end calculation, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 09/41] target/i386: Reset TSCs of parked vCPUs too on VM reset, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 03/41] tcg/riscv: Fix StoreStore barrier generation, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 04/41] x86/loader: only patch linux kernels,
Michael Tokarev <=
- [Stable-9.2.1 30/41] tests/qtest/boot-serial-test: Correct HPPA machine name, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 32/41] hw/usb/hcd-xhci-pci: Use modulo to select MSI vector as per spec, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 33/41] pci: ensure valid link status bits for downstream ports, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 14/41] docs: Correct release of TCG trace-events removal, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 10/41] hw/intc/riscv_aplic: Fix APLIC in_clrip and clripnum write emulation, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 07/41] hw/intc/arm_gicv3_its: Zero initialize local DTEntry etc structs, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 13/41] docs: Correct '-runas' and '-fsdev/-virtfs proxy' indentation, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 15/41] target/i386/cpu: Fix notes for CPU models, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 12/41] target/loongarch: Use actual operand size with vbsrl check, Michael Tokarev, 2025/01/27
- [Stable-9.2.1 17/41] migration/multifd: Fix compat with QEMU < 9.0, Michael Tokarev, 2025/01/27