From patchwork Tue Mar 12 22:56:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1055809 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44Jr9C2Pq5z9s55 for ; Wed, 13 Mar 2019 10:02:55 +1100 (AEDT) Received: from localhost ([127.0.0.1]:34758 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3qQ9-00052i-5t for incoming@patchwork.ozlabs.org; Tue, 12 Mar 2019 19:02:53 -0400 Received: from eggs.gnu.org ([209.51.188.92]:49552) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3qPD-00051D-4r for qemu-devel@nongnu.org; Tue, 12 Mar 2019 19:01:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h3qPC-0000eZ-AV for qemu-devel@nongnu.org; Tue, 12 Mar 2019 19:01:55 -0400 Received: from mx1.redhat.com ([209.132.183.28]:59990) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h3qKK-0005ey-5e; Tue, 12 Mar 2019 18:56:52 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 66633307D90F; Tue, 12 Mar 2019 22:56:51 +0000 (UTC) Received: from x1w.redhat.com (ovpn-204-23.brq.redhat.com 
[10.40.204.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2432F60C1B; Tue, 12 Mar 2019 22:56:45 +0000 (UTC)
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Date: Tue, 12 Mar 2019 23:56:29 +0100
Message-Id: <20190312225632.29777-2-philmd@redhat.com>
In-Reply-To: <20190312225632.29777-1-philmd@redhat.com>
References: <20190312225632.29777-1-philmd@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Tue, 12 Mar 2019 22:56:51 +0000 (UTC)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 209.132.183.28
Subject: [Qemu-devel] [PATCH v4 1/4] hw/nvram/fw_cfg: Add fw_cfg_add_file_from_host()
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
Cc: Peter Maydell, Eduardo Habkost, "Michael S. Tsirkin", Philippe Mathieu-Daudé, Markus Armbruster, qemu-arm@nongnu.org, Gerd Hoffmann, Paolo Bonzini, Laszlo Ersek
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"

Add a function to read the full content of a file on the host, and add a
new 'file' name item to the fw_cfg device.

Signed-off-by: Philippe Mathieu-Daudé
---
v2: s/ptr/data, corrected documentation (Laszlo)
v3: inverted the if() logic
v4: does not return pointer to alloc'd data (Markus)
---
 hw/nvram/fw_cfg.c         | 23 +++++++++++++++++++++++
 include/hw/nvram/fw_cfg.h | 25 +++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 5c3a46ce6f..a8fb829162 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -825,6 +825,29 @@ void fw_cfg_add_file(FWCfgState *s, const char *filename, fw_cfg_add_file_callback(s, filename, NULL, NULL, NULL, data, len, true); } +bool fw_cfg_add_file_from_host(FWCfgState *s, const char *filename, + const char *host_path, size_t *len, + Error **errp) +{ + GError *gerr = NULL; + gchar *data = NULL; + gsize contents_len = 0; + + if (!g_file_get_contents(host_path, &data, &contents_len, &gerr)) { + error_setg(errp, "%s", gerr->message); + g_error_free(gerr); + return false; + } + fw_cfg_add_file(s, filename, data, contents_len); + /* TODO g_free 'data' */ + + if (len) { + *len = contents_len; + } + + return true; +} + void *fw_cfg_modify_file(FWCfgState *s, const char *filename, void *data, size_t len) { diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h index f5a6895a74..4c8cdd89bb 100644 --- a/include/hw/nvram/fw_cfg.h +++ b/include/hw/nvram/fw_cfg.h 
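Review bot: The `/* TODO g_free 'data' */` comment in fw_cfg_add_file_from_host() contradicts the ownership the header hunk documents ("The data read from the host filesystem is owned by the new fw_cfg entry"): fw_cfg_add_file() keeps the pointer, so freeing `data` afterwards would leave the entry pointing at freed memory. Drop the TODO, or replace it with a comment stating that ownership passes to the fw_cfg entry (patch 2/4's changelog already records dropping the equivalent comment there). Separately, the host file is read whole with no upper bound before being handed to fw_cfg_add_file(); since a fw_cfg file directory entry records its data size in a 32-bit field, an oversize host file cannot be represented, and it would be cleaner to check `contents_len` against that limit here and return false through @errp rather than rely on the callee to reject it.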
@@ -166,6 +166,31 @@ void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value); void fw_cfg_add_file(FWCfgState *s, const char *filename, void *data, size_t len); +/** + * fw_cfg_add_file_from_host: + * @s: fw_cfg device being modified + * @filename: name of new fw_cfg file item + * @host_path: path of the host file to read the data from + * @len: pointer to hold the length of the host file (optional) + * @errp: pointer to a NULL initialized error object + * + * Read the content of a host file as a raw "blob" then add a new NAMED + * fw_cfg item of the file size. If @len is provided, it will contain the + * total length read from the host file. The data read from the host + * filesystem is owned by the new fw_cfg entry, and is stored into the data + * structure of the fw_cfg device. + * The next available (unused) selector key starting at FW_CFG_FILE_FIRST + * will be used; also, a new entry will be added to the file directory + * structure residing at key value FW_CFG_FILE_DIR, containing the item name, + * data size, and assigned selector key value. + * + * Returns true on success, false on failure. In the latter case, + * an Error object is returned through @errp. 
+ */ +bool fw_cfg_add_file_from_host(FWCfgState *s, const char *filename, + const char *host_path, size_t *len, + Error **errp); + /** * fw_cfg_add_file_callback: * @s: fw_cfg device being modified From patchwork Tue Mar 12 22:56:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1055810 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44Jr9m5Xx5z9s55 for ; Wed, 13 Mar 2019 10:03:22 +1100 (AEDT) Received: from localhost ([127.0.0.1]:34762 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3qQZ-0005Hb-Ly for incoming@patchwork.ozlabs.org; Tue, 12 Mar 2019 19:03:19 -0400 Received: from eggs.gnu.org ([209.51.188.92]:49623) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3qPW-0005G3-2Q for qemu-devel@nongnu.org; Tue, 12 Mar 2019 19:02:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h3qPU-0000vh-AH for qemu-devel@nongnu.org; Tue, 12 Mar 2019 19:02:14 -0400 Received: from mx1.redhat.com ([209.132.183.28]:45990) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h3qKa-0005sb-7A; Tue, 12 Mar 2019 18:57:08 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Date: Tue, 12 Mar 2019 23:56:30 +0100
Message-Id: <20190312225632.29777-3-philmd@redhat.com>
In-Reply-To: <20190312225632.29777-1-philmd@redhat.com>
References: <20190312225632.29777-1-philmd@redhat.com>
Subject: [Qemu-devel] [PATCH v4 2/4] hw/firmware: Add Edk2Crypto and edk2_add_host_crypto_policy()
Cc: Peter Maydell, Eduardo Habkost, "Michael S. Tsirkin", Philippe Mathieu-Daudé, Markus Armbruster, qemu-arm@nongnu.org, Gerd Hoffmann, Paolo Bonzini, Laszlo Ersek

The Edk2Crypto object is used to hold configuration values specific
to EDK2.

The edk2_add_host_crypto_policy() function loads crypto policies
from the host, and registers them as fw_cfg named file items.
So far only the 'https' policy is supported.

A use case example is the 'HTTPS Boot' feature of OVMF [*].

Usage example:

  $ qemu-system-x86_64 \
      --object edk2_crypto,id=https,\
      ciphers=/etc/crypto-policies/back-ends/openssl.config,\
      cacerts=/etc/pki/ca-trust/extracted/edk2/cacerts.bin

(On Fedora these files are provided by the ca-certificates and
crypto-policies packages).

[*]: https://github.com/tianocore/edk2/blob/master/OvmfPkg/README
Signed-off-by: Philippe Mathieu-Daudé --- v3: - '-object' -> '--object' in commit description (Eric) - reworded the 'TODO: g_free' comment v4: - INTERFACE_CHECK -> OBJECT_CLASS_CHECK (Markus) - path -> filename (Markus) - dropped the 'TODO: g_free' comment (Markus) - only allow 1 singleton (Markus) --- MAINTAINERS | 8 ++ hw/Makefile.objs | 1 + hw/firmware/Makefile.objs | 1 + hw/firmware/uefi_edk2_crypto_policies.c | 182 ++++++++++++++++++++++++ include/hw/firmware/uefi_edk2.h | 30 ++++ 5 files changed, 222 insertions(+) create mode 100644 hw/firmware/Makefile.objs create mode 100644 hw/firmware/uefi_edk2_crypto_policies.c create mode 100644 include/hw/firmware/uefi_edk2.h diff --git a/MAINTAINERS b/MAINTAINERS index d326756079..1d6c30cab4 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2207,6 +2207,14 @@ F: include/hw/i2c/smbus_master.h F: include/hw/i2c/smbus_slave.h F: include/hw/i2c/smbus_eeprom.h +EDK2 Firmware +M: Laszlo Ersek +M: Philippe Mathieu-Daudé +S: Maintained +F: docs/interop/firmware.json +F: hw/firmware/uefi_edk2_crypto_policies.c +F: include/hw/firmware/uefi_edk2.h + Usermode Emulation ------------------ Overall diff --git a/hw/Makefile.objs b/hw/Makefile.objs index 82aa7fab8e..2b075aa1e0 100644 --- a/hw/Makefile.objs +++ b/hw/Makefile.objs @@ -8,6 +8,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += char/ devices-dirs-$(CONFIG_SOFTMMU) += cpu/ devices-dirs-$(CONFIG_SOFTMMU) += display/ devices-dirs-$(CONFIG_SOFTMMU) += dma/ +devices-dirs-$(CONFIG_SOFTMMU) += firmware/ devices-dirs-$(CONFIG_SOFTMMU) += gpio/ devices-dirs-$(CONFIG_HYPERV) += hyperv/ devices-dirs-$(CONFIG_I2C) += i2c/ diff --git a/hw/firmware/Makefile.objs b/hw/firmware/Makefile.objs new file mode 100644 index 0000000000..ea1f6d44df --- /dev/null +++ b/hw/firmware/Makefile.objs @@ -0,0 +1 @@ +common-obj-y += uefi_edk2_crypto_policies.o diff --git a/hw/firmware/uefi_edk2_crypto_policies.c b/hw/firmware/uefi_edk2_crypto_policies.c new file mode 100644 index 0000000000..c253115142 --- /dev/null 
+++ b/hw/firmware/uefi_edk2_crypto_policies.c 
@@ -0,0 +1,182 @@ +/* + * UEFI EDK2 Support + * + * Copyright (c) 2019 Red Hat Inc. + * + * Author: + * Philippe Mathieu-Daudé + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "hw/firmware/uefi_edk2.h" + + +#define TYPE_EDK2_CRYPTO "edk2_crypto" + +#define EDK2_CRYPTO_CLASS(klass) \ + OBJECT_CLASS_CHECK(Edk2CryptoClass, (klass), \ + TYPE_EDK2_CRYPTO) +#define EDK2_CRYPTO_GET_CLASS(obj) \ + OBJECT_GET_CLASS(Edk2CryptoClass, (obj), \ + TYPE_EDK2_CRYPTO) +#define EDK2_CRYPTO(obj) \ + OBJECT_CHECK(Edk2Crypto, (obj), \ + TYPE_EDK2_CRYPTO) + +typedef struct Edk2Crypto { + Object parent_obj; + + bool initialized; + + /* + * Path to the acceptable ciphersuites and the preferred order from + * the host-side crypto policy. + */ + char *ciphers_filename; + + /* Path to the trusted CA certificates configured on the host side. 
*/ + char *cacerts_filename; +} Edk2Crypto; + +typedef struct Edk2CryptoClass { + ObjectClass parent_class; +} Edk2CryptoClass; + + +static void edk2_crypto_prop_set_ciphers(Object *obj, const char *value, + Error **errp G_GNUC_UNUSED) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + g_free(s->ciphers_filename); + s->ciphers_filename = g_strdup(value); +} + +static char *edk2_crypto_prop_get_ciphers(Object *obj, + Error **errp G_GNUC_UNUSED) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + return g_strdup(s->ciphers_filename); +} + +static void edk2_crypto_prop_set_cacerts(Object *obj, const char *value, + Error **errp G_GNUC_UNUSED) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + g_free(s->cacerts_filename); + s->cacerts_filename = g_strdup(value); +} + +static char *edk2_crypto_prop_get_cacerts(Object *obj, + Error **errp G_GNUC_UNUSED) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + return g_strdup(s->cacerts_filename); +} + +static void edk2_crypto_finalize(Object *obj) +{ + Edk2Crypto *s = EDK2_CRYPTO(obj); + + g_free(s->ciphers_filename); + g_free(s->cacerts_filename); +} + +static void edk2_crypto_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_str(oc, "ciphers", + edk2_crypto_prop_get_ciphers, + edk2_crypto_prop_set_ciphers, + NULL); + object_class_property_add_str(oc, "cacerts", + edk2_crypto_prop_get_cacerts, + edk2_crypto_prop_set_cacerts, + NULL); +} + +static const TypeInfo edk2_crypto_info = { + .parent = TYPE_OBJECT, + .name = TYPE_EDK2_CRYPTO, + .instance_size = sizeof(Edk2Crypto), + .instance_finalize = edk2_crypto_finalize, + .class_size = sizeof(Edk2CryptoClass), + .class_init = edk2_crypto_class_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void edk2_crypto_register_types(void) +{ + type_register_static(&edk2_crypto_info); +} + +type_init(edk2_crypto_register_types); + +static Edk2Crypto *edk2_crypto_by_id(const char *edk_crypto_id, Error **errp) +{ + Object *obj; + Object *container; + + container 
= object_get_objects_root(); + obj = object_resolve_path_component(container, + edk_crypto_id); + if (!obj) { + error_setg(errp, "Cannot find EDK2 crypto object ID %s", + edk_crypto_id); + return NULL; + } + + if (!object_dynamic_cast(obj, TYPE_EDK2_CRYPTO)) { + error_setg(errp, "Object '%s' is not a EDK2 crypto subclass", + edk_crypto_id); + return NULL; + } + + return EDK2_CRYPTO(obj); +} + +bool edk2_add_host_crypto_policy(FWCfgState *fw_cfg, Error **errp) +{ + Edk2Crypto *s; + Error *local_err = NULL; + + s = edk2_crypto_by_id("https", NULL); + if (!s) { + return true; + } + if (s->initialized) { + error_setg(errp, "EDK2 host crypto policy already initialized"); + return false; + } + s->initialized = true; + + if (s->ciphers_filename) { + if (!fw_cfg_add_file_from_host(fw_cfg, "etc/edk2/https/ciphers", + s->ciphers_filename, NULL, + &local_err)) { + goto report_error; + } + } + if (s->cacerts_filename) { + if (!fw_cfg_add_file_from_host(fw_cfg, "etc/edk2/https/cacerts", + s->cacerts_filename, NULL, + &local_err)) { + goto report_error; + } + } + return true; + + report_error: + error_propagate_prepend(errp, local_err, "EDK2 host crypto policy: "); + return false; +} diff --git a/include/hw/firmware/uefi_edk2.h b/include/hw/firmware/uefi_edk2.h new file mode 100644 index 0000000000..ff4a5439ce --- /dev/null +++ b/include/hw/firmware/uefi_edk2.h 
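Review bot: In edk2_add_host_crypto_policy(), `edk2_crypto_by_id("https", NULL)` discards both failure reasons of the lookup, so an object that carries id=https but is not of type edk2_crypto is silently treated as "no policy configured": the function returns true, nothing is added to fw_cfg, and the user gets no diagnostic. The "not found" case is legitimately a no-op, but the `!object_dynamic_cast(obj, TYPE_EDK2_CRYPTO)` case should be reported: resolve the object in the caller, return true when it is absent, and propagate the type error through @errp when it is present but of the wrong type. A smaller point in the same hunk: the message "is not a EDK2 crypto subclass" should read "is not an EDK2 crypto subclass".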
@@ -0,0 +1,30 @@ +/* + * UEFI EDK2 Support + * + * Copyright (c) 2019 Red Hat Inc. + * + * Author: + * Philippe Mathieu-Daudé + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_FIRMWARE_UEFI_EDK2_H +#define HW_FIRMWARE_UEFI_EDK2_H + +#include "hw/nvram/fw_cfg.h" + +/** + * edk2_add_host_crypto_policy: + * @s: fw_cfg device being modified + * @errp: pointer to a NULL initialized error object + * + * Add a new named file containing the host crypto policy. + * + * Returns true on success, false on failure. In the latter case, + * an Error object is returned through @errp. + */ +bool edk2_add_host_crypto_policy(FWCfgState *fw_cfg, Error **errp); + +#endif /* HW_FIRMWARE_UEFI_EDK2_H */ From patchwork Tue Mar 12 22:56:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1055806 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44Jr3c2Gh0z9s55 for ; Wed, 13 Mar 2019 09:58:02 +1100 (AEDT) Received: from localhost ([127.0.0.1]:34692 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3qLP-00020U-Am for incoming@patchwork.ozlabs.org; Tue, 12 Mar 2019 18:57:59 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48785) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 
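Review bot: The doc comment for edk2_add_host_crypto_policy() in uefi_edk2.h describes its first parameter as `@s: fw_cfg device being modified`, but the prototype directly below declares it `fw_cfg`; rename one side so the comment matches (`@fw_cfg: fw_cfg device being modified`). The summary "Add a new named file containing the host crypto policy" would also be more useful if it stated that up to two items are added (the ciphers and cacerts files, as the .c hunk does) and that the function is a no-op returning true when no `edk2_crypto` object with id `https` exists, since callers that pass &error_fatal need to know which conditions are fatal.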
From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Date: Tue, 12 Mar 2019 23:56:31 +0100 Message-Id: <20190312225632.29777-4-philmd@redhat.com> In-Reply-To: <20190312225632.29777-1-philmd@redhat.com> References: <20190312225632.29777-1-philmd@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Tue, 12 Mar 2019 22:57:22 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v4 3/4] hw/i386: Use edk2_add_host_crypto_policy() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Eduardo Habkost , "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Dau?= =?utf-8?b?ZMOp?= , Markus Armbruster , qemu-arm@nongnu.org, Gerd Hoffmann , Paolo Bonzini , Laszlo Ersek , Richard Henderson Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Enable the EDK2 Crypto Policy features on the PC machine. Signed-off-by: Philippe Mathieu-Daudé --- hw/i386/pc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 1cdaff5f4d..f0bef84ccf 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -38,6 +38,7 @@ #include "hw/nvram/fw_cfg.h" #include "hw/timer/hpet.h" #include "hw/firmware/smbios.h" +#include "hw/firmware/uefi_edk2.h" #include "hw/loader.h" #include "elf.h" #include "multiboot.h" @@ -1047,6 +1048,11 @@ static FWCfgState *bochs_bios_init(AddressSpace *as, PCMachineState *pcms) return fw_cfg; } +static void pc_uefi_setup(PCMachineState *pcms) +{ + edk2_add_host_crypto_policy(pcms->fw_cfg, &error_fatal); +} + static long get_file_size(FILE *f) { long where, size; 
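Review bot: pc_uefi_setup() passes &error_fatal, so an unreadable `ciphers` or `cacerts` path on an `edk2_crypto` object terminates QEMU at machine-done time instead of booting the guest firmware without its crypto policy. Failing closed is the right choice for a security policy, but the commit message ("Enable the EDK2 Crypto Policy features on the PC machine") should say so, because this hunk is where a bad host path first becomes fatal rather than an error returned to the caller. The name pc_uefi_setup() is also broader than what the function does; something like pc_add_edk2_crypto_policy() would avoid suggesting that other UEFI setup belongs here.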
@@ -1651,6 +1657,7 @@ void pc_machine_done(Notifier *notifier, void *data) if (pcms->fw_cfg) { pc_build_smbios(pcms); pc_build_feature_control_file(pcms); + pc_uefi_setup(pcms); /* update FW_CFG_NB_CPUS to account for -device added CPUs */ fw_cfg_modify_i16(pcms->fw_cfg, FW_CFG_NB_CPUS, pcms->boot_cpus); } From patchwork Tue Mar 12 22:56:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1055807 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44Jr3y5R7yz9s70 for ; Wed, 13 Mar 2019 09:58:22 +1100 (AEDT) Received: from localhost ([127.0.0.1]:34694 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3qLk-00029q-ON for incoming@patchwork.ozlabs.org; Tue, 12 Mar 2019 18:58:20 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48870) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3qLE-000273-A9 for qemu-devel@nongnu.org; Tue, 12 Mar 2019 18:57:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h3qLD-0006Nh-5i for qemu-devel@nongnu.org; Tue, 12 Mar 2019 18:57:48 -0400 Received: from mx1.redhat.com ([209.132.183.28]:33242) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h3qLB-0006Lf-8G; Tue, 12 Mar 2019 18:57:45 -0400 Received: from smtp.corp.redhat.com 
(int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 887053086201; Tue, 12 Mar 2019 22:57:44 +0000 (UTC) Received: from x1w.redhat.com (ovpn-204-23.brq.redhat.com [10.40.204.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7F47660C1B; Tue, 12 Mar 2019 22:57:23 +0000 (UTC) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Date: Tue, 12 Mar 2019 23:56:32 +0100 Message-Id: <20190312225632.29777-5-philmd@redhat.com> In-Reply-To: <20190312225632.29777-1-philmd@redhat.com> References: <20190312225632.29777-1-philmd@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Tue, 12 Mar 2019 22:57:44 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v4 4/4] hw/arm/virt: Use edk2_add_host_crypto_policy() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Eduardo Habkost , "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Dau?= =?utf-8?b?ZMOp?= , Markus Armbruster , qemu-arm@nongnu.org, Gerd Hoffmann , Paolo Bonzini , Laszlo Ersek Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Enable the EDK2 Crypto Policy features on the Virt machine. Signed-off-by: Philippe Mathieu-Daudé --- hw/arm/virt.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index ce2664a30b..927d4ff31a 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c 
@@ -56,6 +56,7 @@ #include "hw/intc/arm_gicv3_common.h" #include "kvm_arm.h" #include "hw/firmware/smbios.h" +#include "hw/firmware/uefi_edk2.h" #include "qapi/visitor.h" #include "standard-headers/linux/input.h" #include "hw/arm/smmuv3.h" @@ -1301,6 +1302,11 @@ static void virt_build_smbios(VirtMachineState *vms) } } +static void virt_uefi_setup(VirtMachineState *vms) +{ + edk2_add_host_crypto_policy(vms->fw_cfg, &error_fatal); +} + static void virt_machine_done(Notifier *notifier, void *data) { @@ -1329,6 +1335,7 @@ void virt_machine_done(Notifier *notifier, void *data) virt_acpi_setup(vms); virt_build_smbios(vms); + virt_uefi_setup(vms); } static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
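Review bot: virt_uefi_setup() is a one-line wrapper around edk2_add_host_crypto_policy(vms->fw_cfg, &error_fatal); either call it directly from virt_machine_done(), or name the wrapper after what it does (for example virt_add_edk2_crypto_policy()), since "uefi setup" suggests a broader scope than adding the crypto policy items. Note also that the PC side of this series makes the equivalent call inside `if (pcms->fw_cfg)`, while virt_machine_done() calls virt_uefi_setup() with no guard; please confirm vms->fw_cfg is always non-NULL at this point, or add the same check.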