[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory
From: |
Ard Biesheuvel |
Subject: |
Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory |
Date: |
Fri, 19 Aug 2022 09:16:20 +0200 |
On Fri, 19 Aug 2022 at 08:41, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Thu, Aug 18, 2022 at 05:38:37PM +0200, Jason A. Donenfeld wrote:
> > Hey Gerd,
> >
> > > Joining the party late (and still catching up the thread). Given we
> > > don't need that anyway with EFI, only with legacy BIOS: Can't that just
> > > be a protocol between qemu and pc-bios/optionrom/*boot*.S on how to pass
> > > those 48 bytes random seed?
> >
> > Actually, I want this to work with EFI, very much so.
Even if we wire this up for EFI in some way, it will only affect
direct kernel boot using -kernel/-initrd etc, which is a niche use
case at best (AIUI libvirt uses it for the initial boot only)
I personally rely on it heavily for development, and I imagine others
might too, but that is hardly relevant here.
> With EFI the kernel stub gets some random seed via EFI_RNG_PROTOCOL.
> I can't see any good reason to derive from that. It works no matter
> how the kernel gets loaded.
>
> OVMF ships with a driver for the virtio-rng device. So just add that
> to your virtual machine and seeding works fine ...
>
... or we find other ways for the platform to speak to the OS, using
EFI protocols or other EFI methods.
Currently, the 'pure EFI' boot code is arch agnostic - it can be built
and run on any architecture that supports EFI boot. Adding Linux+x86
specific hacks to it is out of the question.
So that means that setup_data provided by QEMU will be consumed
directly by the kernel (when doing direct kernel boot only), using an
out of band channel that EFI/OVMF are completely unaware of, putting
it outside the scope of secure boot, measure boot, etc.
This is not acceptable to me.
> > If our objective was to just not break EFI, the solution would be
> > simple: in the kernel we can have EFISTUB ignore the setup_data field
> > from the image, and then bump the boot header protocol number. If QEMU
> > sees the boot protocol number is below this one, then it won't set
> > setup_data. Done, fixed.
>
> As mentioned elsewhere in the thread patching in physical addresses on
> qemu side isn't going to fly due to the different load methods we have.
>
And it conflates the file representation with the in-memory
representation, which I object to fundamentally - setup_data is part
of the file image, and becomes part of the in-memory representation
when it gets staged in memory for booting, which only happens in the
EFI stub when using pure EFI boot.
Using setup_data as a hidden comms channel between QEMU and the core
kernel breaks that distinction.
> > Your option ROM idea is interesting; somebody mentioned that elsewhere
> > too I think.
>
> Doing the setup_data patching in the option rom has the advantage that
> it'll only happen with that specific load method being used. Also the
> option rom knows where it places stuff in memory so it is in a much
> better position to find a good & non-conflicting place for the random
> seed. Also reserve/allocate memory if needed etc.
>
Exactly. This is the only sensible place to do this.
> > I'm wondering, though: do option ROMs still run when
> > EFI/OVMF is being used?
>
> No, they are not used with EFI. OVMF has a completely independent
> implementation for direct kernel boot.
>
> The options I see for EFI are:
>
> (1) Do nothing and continue to depend on virtio-rng.
> (2) Implement an efi driver which gets those 48 seed bytes from
> qemu by whatever means we'll define and hands them out via
> EFI_RNG_PROTOCOL.
>
We could explore other options, but SETUP_RNG_SEED is fundamentally
incompatible with EFI boot (or any other boot method where the image
is treated as an opaque file by the firmware/loader), so that is not
an acceptable approach to me.
- Re: [PATCH v3] hw/i386: place setup_data at fixed place in memory, (continued)
- Re: [PATCH v3] hw/i386: place setup_data at fixed place in memory, Paolo Bonzini, 2022/08/09
- Re: [PATCH v3] hw/i386: place setup_data at fixed place in memory, Jason A. Donenfeld, 2022/08/05
- Re: [PATCH v3] hw/i386: place setup_data at fixed place in memory, Laszlo Ersek, 2022/08/05
- Re: [PATCH v3] hw/i386: place setup_data at fixed place in memory, Jason A. Donenfeld, 2022/08/09
- Re: [PATCH v3] hw/i386: place setup_data at fixed place in memory, Michael S. Tsirkin, 2022/08/09
- Re: [PATCH v3] hw/i386: place setup_data at fixed place in memory, Daniel P . Berrangé, 2022/08/09
- Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory, Laszlo Ersek, 2022/08/05
- Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory, Gerd Hoffmann, 2022/08/16
- Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory, Jason A. Donenfeld, 2022/08/18
- Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory, Gerd Hoffmann, 2022/08/19
- Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory,
Ard Biesheuvel <=
- Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory, Daniel P . Berrangé, 2022/08/04
- Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory, Jason A. Donenfeld, 2022/08/04