From: Daan De Meyer Date: Sun, 17 Mar 2024 08:47:54 +0000 (+0100) Subject: qemu: Set vmm.notify_socket credential even if SMBIOS is not supported X-Git-Tag: v23~85^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=288e3d2896e04316446f2caa0577076f50b8776e;p=thirdparty%2Fmkosi.git qemu: Set vmm.notify_socket credential even if SMBIOS is not supported Let's apply the same credential passing logic to vmm.notify_socket that we apply to all other credentials. Use SMBIOS if available and fall back to fw_cfg and kernel command line otherwise. --- diff --git a/mkosi/qemu.py b/mkosi/qemu.py index f6f09a09c..a41ea4ae1 100644 --- a/mkosi/qemu.py +++ b/mkosi/qemu.py @@ -763,18 +763,6 @@ def run_qemu(args: Args, config: Config) -> None: else: kcl = config.kernel_command_line_extra - for k, v in config.credentials.items(): - payload = base64.b64encode(v.encode()).decode() - if config.architecture.supports_smbios(firmware): - cmdline += ["-smbios", f"type=11,value=io.systemd.credential.binary:{k}={payload}"] - elif config.architecture.supports_fw_cfg(): - f = stack.enter_context(tempfile.NamedTemporaryFile(prefix="mkosi-fw-cfg", mode="w")) - f.write(v) - f.flush() - cmdline += ["-fw_cfg", f"name=opt/io.systemd.credentials/{k},file={f.name}"] - elif kernel: - kcl += [f"systemd.set_credential_binary={k}:{payload}"] - if kernel: cmdline += ["-kernel", kernel] @@ -817,22 +805,6 @@ def run_qemu(args: Args, config: Config) -> None: ] kcl += [f"systemd.mount-extra=LABEL=scratch:/var/tmp:{config.distribution.filesystem()}"] - if ( - kernel and - ( - KernelType.identify(config, kernel) != KernelType.uki or - not config.architecture.supports_smbios(firmware) - ) - ): - cmdline += ["-append", " ".join(kcl)] - elif config.architecture.supports_smbios(firmware): - cmdline += [ - "-smbios", - f"type=11,value=io.systemd.stub.kernel-cmdline-extra={' '.join(kcl)}", - "-smbios", - f"type=11,value=io.systemd.boot.kernel-cmdline-extra={' '.join(kcl)}", - ] - if config.output_format == OutputFormat.cpio: cmdline += ["-initrd", fname] elif ( @@ -860,9 +832,39 @@ def run_qemu(args: Args, config: Config) -> None: elif config.architecture.is_arm_variant(): cmdline += ["-device", "tpm-tis-device,tpmdev=tpm0"] - if QemuDeviceNode.vhost_vsock in qemu_device_fds and config.architecture.supports_smbios(firmware): + credentials = dict(config.credentials) + + if QemuDeviceNode.vhost_vsock in qemu_device_fds: addr, notifications = stack.enter_context(vsock_notify_handler()) - cmdline += ["-smbios", f"type=11,value=io.systemd.credential:vmm.notify_socket={addr}"] + credentials["vmm.notify_socket"] = addr + + for k, v in credentials.items(): + payload = base64.b64encode(v.encode()).decode() + if config.architecture.supports_smbios(firmware): + cmdline += ["-smbios", f"type=11,value=io.systemd.credential.binary:{k}={payload}"] + elif config.architecture.supports_fw_cfg(): + f = stack.enter_context(tempfile.NamedTemporaryFile(prefix="mkosi-fw-cfg", mode="w")) + f.write(v) + f.flush() + cmdline += ["-fw_cfg", f"name=opt/io.systemd.credentials/{k},file={f.name}"] + elif kernel: + kcl += [f"systemd.set_credential_binary={k}:{payload}"] + + if ( + kernel and + ( + KernelType.identify(config, kernel) != KernelType.uki or + not config.architecture.supports_smbios(firmware) + ) + ): + cmdline += ["-append", " ".join(kcl)] + elif config.architecture.supports_smbios(firmware): + cmdline += [ + "-smbios", + f"type=11,value=io.systemd.stub.kernel-cmdline-extra={' '.join(kcl)}", + "-smbios", + f"type=11,value=io.systemd.boot.kernel-cmdline-extra={' '.join(kcl)}", + ] for drive in config.qemu_drives: file = stack.enter_context(finalize_drive(drive))