From: Felix Moessbauer To: isar-users@googlegroups.com Cc: tobias.preclik@siemens.com, christian.storm@siemens.com, Felix Moessbauer Subject: [PATCH 10/10] start_vm: add support for secureboot Date: Fri, 23 Dec 2022 08:40:58 +0000 Message-Id: <20221223084058.1899957-11-felix.moessbauer@siemens.com> In-Reply-To: <20221223084058.1899957-1-felix.moessbauer@siemens.com> References: <20221223084058.1899957-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-72506:519-21489:flowmailer X-TUID: 4YP2ggtOeswa This patch adds a new -s parameter to enable the qemu secureboot support. To handle the persistency across reboots of the machine, we create a copy of the OVMF variables and pass that into qemu. Signed-off-by: Felix Moessbauer --- scripts/start_vm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/start_vm b/scripts/start_vm index 3c0ba16..9cb7b9a 100755 --- a/scripts/start_vm +++ b/scripts/start_vm @@ -51,6 +51,7 @@ show_help() { echo " -o, --out FILE Route QEMU console output to" echo " specified file." echo " -p, --pid FILE Store QEMU pid to file." + echo " -s, --secureboot Enable secureboot with default MS keys." echo " --help display this message and exit." echo echo "Exit status:" @@ -93,6 +94,12 @@ do EXTRA_ARGS="$EXTRA_ARGS -pidfile $2" shift ;; + -s|--secureboot) + OVMF_VARS_ORIG="/usr/share/OVMF/OVMF_VARS_4M.ms.fd" + OVMF_VARS="$(basename "${OVMF_VARS_ORIG}")" + cp "${OVMF_VARS_ORIG}" "${OVMF_VARS}" + EXTRA_ARGS="$EXTRA_ARGS -drive if=pflash,format=raw,unit=1,file=${OVMF_VARS}" + ;; *) echo "error: invalid parameter '$key', please try '--help' to get list of supported parameters" exit $ES_BUG -- 2.34.1
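Review bot: In show_help(), the new "-s, --secureboot" line does not mention the side effect that the option has in the argument parser: it copies OVMF_VARS_4M.ms.fd from /usr/share/OVMF into the current working directory and hands that copy to QEMU as a writable pflash drive. Please say so in the help text (a second continuation line, as "-o, --out FILE" already uses, would fit), and name the file that must be present on the host, so a user who runs the script from a source tree or a read-only directory knows what to expect.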
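Review bot: In the -s|--secureboot branch, cp "${OVMF_VARS_ORIG}" "${OVMF_VARS}" runs unconditionally and its result is not checked. Every start with -s therefore overwrites the copy in the current directory with the pristine template, so any variable changes the guest made in an earlier run (enrolled keys, boot entries) are lost; if the persistence described in the commit message is meant to cover separate start_vm invocations, copy only when "${OVMF_VARS}" does not exist yet. If /usr/share/OVMF/OVMF_VARS_4M.ms.fd is missing or the working directory is not writable, nothing in this hunk stops the script from still appending the -drive argument; test for the source file and exit with an error message in the style of the existing "error: invalid parameter" branch. The template path is hard-coded and the copy lands in whatever directory the script is called from, so consider making both overridable and placing the copy next to the image rather than in the caller's directory. The hunk adds only the pflash drive with unit=1 (the variable store); please confirm in the commit message or a comment that the firmware code image the script already passes is a secure-boot-capable build matching the 4M variable layout, since that is not visible here.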