From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 5 Sep 2024 14:12:09 +0000 (+0200)
Subject: x86/loader: expose unpatched kernel
X-Git-Tag: v10.0.0-rc0~116^2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f2594d928444fc4d593117db2da8c9ffa26433f7;p=thirdparty%2Fqemu.git

x86/loader: expose unpatched kernel

Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without
the setup header patches.  Intended use is booting in UEFI with secure
boot enabled, where the setup header patching breaks secure boot
verification.

Needs OVMF changes too to be actually useful.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
---

diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index 28341b42d94..1cef3045ad8 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -962,6 +962,9 @@ void x86_load_linux(X86MachineState *x86ms,
     sev_load_ctx.setup_data = (char *)setup;
     sev_load_ctx.setup_size = setup_size;
 
+    /* kernel without setup header patches */
+    fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size);
+
     if (sev_enabled()) {
         sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);
     }