On 4/16/25 6:11 PM, Collin Walling wrote:
> On 4/8/25 11:55 AM, Zhuoying Cai wrote:
>> If secure boot in audit mode or True Secure IPL mode is enabled without
>> specifying a boot device, the boot process will terminate with an error.
>>
>> Signed-off-by: Zhuoying Cai <zy...@linux.ibm.com>
>> ---
>> hw/s390x/ipl.c | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
>> index 60bafcbd2e..0510f16a7d 100644
>> --- a/hw/s390x/ipl.c
>> +++ b/hw/s390x/ipl.c
>> @@ -767,6 +767,16 @@ void s390_ipl_prepare_cpu(S390CPU *cpu)
>> s390_ipl_create_cert_store(&ipl->cert_store);
>> if (!ipl->iplb_valid) {
>> ipl->iplb_valid = s390_init_all_iplbs(ipl);
>> +
>> + /*
>> + * Secure IPL without specifying a boot device.
>> + * IPLB is not generated if no boot device is defined.
>> + */
>> + if ((s390_has_certificate() || s390_secure_boot_enabled()) &&
>> + !ipl->iplb_valid) {
>> + error_report("No boot devicie defined for Secure IPL");
>> + exit(1);
>> + }
>
> I'm confused why this check is needed. If there is no valid iplb, won't
> boot just fail outright anyway?
>
If no boot device is specified, the BIOS will still scan all channels to
find a bootable device (as defined in probe_boot_device() within
pc-bios/s390-ccw/main.c).
Boot will proceed if a bootable device is found, but the IPLB will not
be generated on the host side in this case. We cannot determine whether
secure boot is enabled, since it's indicated by the IPLB flags.
Therefore, specifying secure IPL without a boot device cause the process
to terminate early.
>> } else {
>> ipl->qipl.chain_len = 0;
>> }
>
>
