From: Michal Privoznik Date: Tue, 4 Mar 2025 14:46:13 +0000 (+0100) Subject: conf: Introduce os/shim element X-Git-Tag: v11.2.0-rc1~212 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b63334233f4f56b5408b9fb52a15f8162017951;p=thirdparty%2Flibvirt.git conf: Introduce os/shim element For secure boot environments where is signed, it may be unfeasible to keep the binary up to date (esp. when revoking certificates contained within). To address that, QEMU introduced '-shim' cmd line option which side loads another UEFI binary which can then contain new certification authorities or list of revocations. Expose it as element that's nested under , just like kernel and initrd are. Signed-off-by: Michal Privoznik Reviewed-by: Pavel Hrdina --- diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index bcae6a3443..4d03768c5f 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -397,6 +397,7 @@ and full virtualized guests. /root/f8-i386-vmlinuz /root/f8-i386-initrd console=ttyS0 ks=http://example.com/f8-i386/os/ + /path/to/shim.efi /root/ppc.dtb ... @@ -417,6 +418,10 @@ and full virtualized guests. The contents of this element specify arguments to be passed to the kernel (or installer) at boot time. This is often used to specify an alternate primary console (eg serial port), or the installation media source / kickstart file +``shim`` + Use specified fully-qualified path to load an initial UEFI bootloader that + handles chaining to a trusted full bootloader under secure boot + environments. ``dtb`` The contents of this element specify the fully-qualified path to the (optional) device tree binary (dtb) image in the host OS. diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 09093cd9f1..d555873848 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3939,6 +3939,7 @@ virDomainOSDefClear(virDomainOSDef *os) g_free(os->kernel); g_free(os->initrd); g_free(os->cmdline); + g_free(os->shim); g_free(os->dtb); g_free(os->root); for (i = 0; i < os->nacpiTables; i++) @@ -17751,6 +17752,7 @@ virDomainDefParseBootKernelOptions(virDomainDef *def, def->os.kernel = virXPathString("string(./os/kernel[1])", ctxt); def->os.initrd = virXPathString("string(./os/initrd[1])", ctxt); def->os.cmdline = virXPathString("string(./os/cmdline[1])", ctxt); + def->os.shim = virXPathString("string(./os/shim[1])", ctxt); def->os.dtb = virXPathString("string(./os/dtb[1])", ctxt); def->os.root = virXPathString("string(./os/root[1])", ctxt); } @@ -17941,10 +17943,10 @@ virDomainDefParseBootOptions(virDomainDef *def, /* * Booting options for different OS types.... * - * - A bootloader (and optional kernel+initrd) (xen) - * - A kernel + initrd (xen) - * - A boot device (and optional kernel+initrd) (hvm) - * - An init script (exe) + * - A bootloader (and optional kernel+initrd) (xen) + * - A kernel + initrd (xen) + * - A boot device (and optional kernel+initrd(+shim)) (hvm) + * - An init script (exe) */ switch ((virDomainOSType) def->os.type) { @@ -28469,6 +28471,8 @@ virDomainDefFormatInternalSetRootName(virDomainDef *def, def->os.initrd); virBufferEscapeString(buf, "%s\n", def->os.cmdline); + virBufferEscapeString(buf, "%s\n", + def->os.shim); virBufferEscapeString(buf, "%s\n", def->os.dtb); virBufferEscapeString(buf, "%s\n", diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 2c034faf6d..3a97fd866c 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2522,6 +2522,7 @@ struct _virDomainOSDef { char *kernel; char *initrd; char *cmdline; + char *shim; char *dtb; char *root; size_t nacpiTables; diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 5e2bbb1d9f..f2a98f143d 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -1733,6 +1733,12 @@ virDomainDefOSValidate(const virDomainDef *def, } } + if (def->os.shim && !def->os.kernel) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("shim only allowed with kernel option")); + return -1; + } + return 0; } diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index 39d5604454..3276569325 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -1552,6 +1552,11 @@ + + + + + diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.xml index e289b1e95e..dea8236540 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.xml @@ -9,6 +9,7 @@ /vmlinuz /initrd runme + /shim diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml index e289b1e95e..dea8236540 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml @@ -9,6 +9,7 @@ /vmlinuz /initrd runme + /shim diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.xml b/tests/qemuxmlconfdata/launch-security-sev-direct.xml index 80ce6412dd..76277b6278 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-direct.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-direct.xml @@ -9,6 +9,7 @@ /vmlinuz /initrd runme + /shim destroy