[tianocore/edk2] 82808b: Revert "OvmfPkg: use generic QEMU image loader for...

Tue, 16 Jun 2020 13:32:16 -0700 

  Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: 82808b422617ea5d1e62f5c5741eb8ce9dff4a7b
      
https://github.com/tianocore/edk2/commit/82808b422617ea5d1e62f5c5741eb8ce9dff4a7b
  Author: Laszlo Ersek <[email protected]>
  Date:   2020-06-16 (Tue, 16 Jun 2020)

  Changed paths:
    M OvmfPkg/OvmfPkgIa32.dsc
    M OvmfPkg/OvmfPkgIa32X64.dsc
    M OvmfPkg/OvmfPkgX64.dsc

  Log Message:
  -----------
  Revert "OvmfPkg: use generic QEMU image loader for secure boot enabled ..."

This reverts commit ced77332cab626f35fbdb36630be27303d289d79.

The command

  virt-install --location NETWORK-URL

downloads the vmlinuz and initrd files from the remote OS tree, and passes
them to the guest firmware via fw_cfg.

When used with IA32 / X64 guests, virt-install expects the guest firmware
to do two things, at the same time:

- launch the fw_cfg kernel image even if the latter does not pass SB
  verification (SB checking is supposed to be bypassed entirely in favor
  of the Linux/x86 Boot Protocol),

- still let the guest kernel perceive SB as enabled.

Commit ced77332cab6 prevented this, by removing the Linux/x86 Boot
Protocol from such an OVMF image that was built with SECURE_BOOT_ENALBE.
While that's the right thing in theory, in practice "virt-install
--location NETWORK-URL" is entrenched, and we shouldn't break it.

We can tolerate the Linux/x86 Boot Protocol as a one-of-a-kind SB bypass
for direct-booted kernels, because:

- the fw_cfg content comes from QEMU, and the guest is already at QEMU's
  mercy,

- in the guest, OS boots after the initial installation will use "shim"
  rather than an fw_cfg kernel, which we can consider somewhat similar to
  "Audit Mode / Deployed Mode" (~ trust for install, lock down after).

Cc: Ard Biesheuvel <[email protected]>
Cc: Jordan Justen <[email protected]>
Cc: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Laszlo Ersek <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
[[email protected]: truncate the subject line, originally auto-generated
 by git-revert, to pacify PatchCheck.py]




_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits

Reply via email to