diff mbox series

[v2,4/5] x86/loader: expose unpatched kernel

Message ID 20240905141211.1253307-5-kraxel@redhat.com
State New
Headers show
Series x86/loader: secure boot support for direct kernel load | expand

Commit Message

Gerd Hoffmann Sept. 5, 2024, 2:12 p.m. UTC
Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
the setup header patches.  Intended use is booting in UEFI with secure
boot enabled, where the setup header patching breaks secure boot
verification.

Needs OVMF changes too to be actually useful.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/i386/x86-common.c | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index 82137e053ae0..63cf41711e72 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -960,6 +960,9 @@  void x86_load_linux(X86MachineState *x86ms,
     sev_load_ctx.setup_data = (char *)setup;
     sev_load_ctx.setup_size = setup_size;
 
+    /* kernel without setup header patches */
+    fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
+
     if (sev_enabled()) {
         sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);
     }