From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7380318098191024128 X-Received: by 2002:a2e:81c7:0:b0:2ec:4df7:8cef with SMTP id 38308e7fff4ca-2ec4df78db6mr13285361fa.15.1718982509364; Fri, 21 Jun 2024 08:08:29 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:21c:b0:2eb:fe83:2b09 with SMTP id 38308e7fff4ca-2ec44377817ls10012051fa.1.-pod-prod-04-eu; Fri, 21 Jun 2024 08:08:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFJZccI4Y54aoCGpatFg9TIYYBldn1vtOatUUPHiQf4wINsiLoj0IMSvCddYmMTPZPpknUI X-Received: by 2002:a2e:9dd4:0:b0:2ec:1ad3:fb0a with SMTP id 38308e7fff4ca-2ec3cfff3afmr53252521fa.43.1718982507130; Fri, 21 Jun 2024 08:08:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1718982507; cv=none; d=google.com; s=arc-20160816; b=AY6kwAx8k7yS1a9vbmt5jEwAkp18KYuDk2/qf2NGMhxXQrJPHD32qMZiH1bOjNyWPf PpkNQe1QmNzdhBwQv8sdR40K76vzSaw5j7U+TN57QsBHxi9ZgRXWk3DLpZblxaQ97Ue9 3lOaD4VT67EGCYGC87mITXEtf+8NABwXiaalyB8EHlfcdGlP7/PJtXJuX/LxTRmuBnNA OU3f5twwkA+qzxoQJdZze/hL3tXImZdYKlbNNGdmeFUpHo8bQgd0VVFJfMK4Wkma+Wpw n0nkt0qEs3++YNTLvi1LYuByIobhbNNOd7wXPYxjGA9+QvjsH3dOVj9R2okB+BUqt8q5 n7XA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=rLtBOlbrqAcftBjpFbc85TzRJOdShW3rqncFAksxL9Q=; fh=/h9QQkzJ8EboVkWg45aWwpaUro6WMavIVd2OhN45RtE=; b=PCDJc1cgzf+315gU3dklwzwSTIsSxaE2/8elY09GxocaQSwSO7GUHjqRMNNaHkTzGw 9PvKHQaYNhKVl1m704xXDZ6rp4xZ9FqH4jZYgwwW9Ag6utufYO2Z06gZSttqWdgXWcov ahh6fxvqwzeoil5ynmJWoR1LvwhpyFLAUxLgjZaegY+uaLqKiEdB1Sq8N+Il/sIJn5Of pGyxVbKxOShk4k0ym7XccJd/B46WIqQJR2nxoxcBYqcZ7FURuw0Vy0KVO7ZBTpVupx1O 9BZwmDmxE7+oxf23gYed6zBbxAeJM7Zv/t92L4OM7R86JEKFu8951IWzsXYnArdoDdPh sAuw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Return-Path: Received: from shymkent.ilbers.de 
(shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-2ec4d75859esi419381fa.3.2024.06.21.08.08.26 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 21 Jun 2024 08:08:27 -0700 (PDT) Received-SPF: pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Received: from user-B660.promwad.corp ([159.148.83.114]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 45LF8ObD006158 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 21 Jun 2024 17:08:26 +0200 From: Anton Mikanovich To: isar-users@googlegroups.com Cc: Anton Mikanovich Subject: [PATCH v3 2/5] start_vm: Add secureboot support Date: Fri, 21 Jun 2024 18:08:11 +0300 Message-Id: <20240621150814.189288-3-amikan@ilbers.de> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240621150814.189288-1-amikan@ilbers.de> References: <20240621150814.189288-1-amikan@ilbers.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 6vHCJDTRet+E Add sb_copy_vars()/sb_cleanup() API for creation of OVMF variables file copy in case it was declared in QEMU_DISK_ARGS value. If OVMF_VARS_4M.ms.fd is already exists it will be reused, otherwise created copy will be deleted after QEMU exit. sb_copy_vars() returns True if cleanup needed. Signed-off-by: Anton Mikanovich --- meta-isar/conf/machine/qemuamd64-sb.conf | 2 +- testsuite/cibuilder.py | 15 ++++++--- testsuite/start_vm.py | 41 ++++++++++++++++++++++-- 3 files changed, 50 insertions(+), 8 deletions(-) 
diff --git a/meta-isar/conf/machine/qemuamd64-sb.conf b/meta-isar/conf/machine/qemuamd64-sb.conf index 2bec553b..9ad5f8d6 100644 --- a/meta-isar/conf/machine/qemuamd64-sb.conf +++ b/meta-isar/conf/machine/qemuamd64-sb.conf @@ -18,4 +18,4 @@ IMAGER_INSTALL:wic += "${GRUB_DEBIAN_SB_MOK}" IMAGE_PREINSTALL += "mokutil" # overwrite qemu disk args for signed boot -QEMU_DISK_ARGS = "-drive file=##ROOTFS_IMAGE##,format=raw -global driver=cfi.pflash01,property=secure,value=on -drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE_4M.ms.fd,readonly=on" +QEMU_DISK_ARGS = "-drive file=##ROOTFS_IMAGE##,format=raw -global driver=cfi.pflash01,property=secure,value=on -drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE_4M.ms.fd,readonly=on -drive if=pflash,format=raw,unit=1,file=OVMF_VARS_4M.ms.fd" diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py index 12c48180..87d71387 100755 --- a/testsuite/cibuilder.py +++ b/testsuite/cibuilder.py @@ -477,6 +477,8 @@ BBPATH .= ":${LAYERDIR}"\ boot_log, None, enforce_pcbios) cmdline.insert(1, '-nographic') + need_sb_cleanup = start_vm.sb_copy_vars(cmdline) + self.log.info('QEMU boot line:\n' + ' '.join(cmdline)) self.log.info('QEMU boot log:\n' + boot_log) @@ -485,7 +487,7 @@ BBPATH .= ":${LAYERDIR}"\ universal_newlines=True) self.log.info("Started VM with pid %s" % (p1.pid)) - return p1, cmdline, boot_log + return p1, cmdline, boot_log, need_sb_cleanup def vm_wait_boot(self, p1, timeout): @@ -564,6 +566,9 @@ BBPATH .= ":${LAYERDIR}"\ pid = self.vm_dict[vm][0] os.kill(pid, signal.SIGKILL) + if self.vm_dict[vm][3]: + start_vm.sb_cleanup() + del(self.vm_dict[vm]) self.vm_dump_dict(vm) @@ -600,7 +605,7 @@ BBPATH .= ":${LAYERDIR}"\ stderr = "" if vm in self.vm_dict: - pid, cmdline, boot_log = self.vm_dict[vm] + pid, cmdline, boot_log, need_sb_cleanup = self.vm_dict[vm] # Check that corresponding process exists proc = subprocess.run("ps -o cmd= %d" % (pid), shell=True, text=True, 
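Review bot: The added `-drive if=pflash,format=raw,unit=1,file=OVMF_VARS_4M.ms.fd` names the variable store by a bare relative path, so it resolves against whatever directory QEMU is started from, and unlike unit 0 it carries no `readonly=on`. The file only appears there because testsuite/start_vm.py copies it in (the sb_copy_vars() hunk later in this patch), so starting QEMU with this QEMU_DISK_ARGS by any other route presumably fails on a missing file. A comment above the assignment would make that coupling visible, for example `# OVMF_VARS_4M.ms.fd: writable per-run copy of /usr/share/OVMF/OVMF_VARS_4M.ms.fd, created in the working directory by testsuite/start_vm.py`.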
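Review bot: In the `@@ -564` hunk of testsuite/cibuilder.py, `start_vm.sb_cleanup()` runs between the SIGKILL and `del(self.vm_dict[vm])`, and sb_cleanup() as added in start_vm.py is a bare `os.remove()`. If the copied vars file is already gone, the exception skips the `del` and the `vm_dump_dict(vm)` call and leaves an entry for a process that has just been killed. Wrapping the call as `try: start_vm.sb_cleanup()` / `except FileNotFoundError: pass` keeps the bookkeeping consistent. The flag is also read by position (`[3]`), and the `@@ -600` hunk unpacks four names from the same tuple, so an entry with the old three fields would raise in both places; whether such entries can be loaded back from the dump is not visible in these hunks. The enclosing methods start and end outside the hunks.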
@@ -612,8 +617,10 @@ BBPATH .= ":${LAYERDIR}"\ if run_qemu: self.log.info("No qemu-system process for `%s` found, run new VM" % (vm)) - p1, cmdline, boot_log = self.vm_turn_on(arch, distro, image, enforce_pcbios) - self.vm_dict[vm] = p1.pid, cmdline, boot_log + p1, cmdline, boot_log, \ + need_sb_cleanup = self.vm_turn_on(arch, distro, image, + enforce_pcbios) + self.vm_dict[vm] = p1.pid, cmdline, boot_log, need_sb_cleanup self.vm_dump_dict(vm) rc = self.vm_wait_boot(p1, timeout) diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py index 2c07b816..0e0d7000 100755 --- a/testsuite/start_vm.py +++ b/testsuite/start_vm.py @@ -1,15 +1,18 @@ #!/usr/bin/env python3 # # Helper script to start QEMU with Isar image -# Copyright (c) 2019, ilbers GmbH +# Copyright (c) 2019-2024, ilbers GmbH import argparse import os import socket import subprocess import sys +import shutil import time +OVMF_VARS_PATH = '/usr/share/OVMF/OVMF_VARS_4M.ms.fd' + def get_bitbake_env(arch, distro, image): multiconfig = 'mc:qemu' + arch + '-' + distro + ':' + image output = subprocess.check_output(['bitbake', '-e', str(multiconfig)]) 
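Review bot: `OVMF_VARS_PATH` in the first testsuite/start_vm.py hunk is introduced without a comment, and nothing on the line says that this file is only a template which sb_copy_vars() copies into the working directory rather than a file QEMU writes to in place. A short comment would record that, e.g. `# OVMF variable store template; copied into the working directory per run, never written in place`. As a style point, `import shutil` lands after `import sys` while the surrounding imports are alphabetical; placing it between `os` and `socket` keeps the order.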
@@ -91,16 +94,48 @@ def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=Fal return cmd + +def sb_copy_vars(cmdline): + ovmf_vars_filename = os.path.basename(OVMF_VARS_PATH) + + for param in cmdline: + if ovmf_vars_filename in param: + if os.path.exists(ovmf_vars_filename): + break + if not os.path.exists(OVMF_VARS_PATH): + print(f'{OVMF_VARS_PATH} required but not found!', + file=sys.stderr) + break + shutil.copy(OVMF_VARS_PATH, ovmf_vars_filename) + return True + + return False + + +def sb_cleanup(): + os.remove(os.path.basename(OVMF_VARS_PATH)) + + def start_qemu(arch, build, distro, image, out, pid, enforce_pcbios): cmdline = format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios) cmdline.insert(1, '-nographic') + need_cleanup = sb_copy_vars(cmdline) + print(cmdline) - p1 = subprocess.call('exec ' + ' '.join(cmdline), shell=True) + + try: + subprocess.call('exec ' + ' '.join(cmdline), shell=True) + finally: + if need_cleanup: + sb_cleanup() + def parse_args(): parser = argparse.ArgumentParser() - parser.add_argument('-a', '--arch', choices=['arm', 'arm64', 'amd64', 'i386', 'mipsel'], help='set isar machine architecture.', default='arm') + arch_names = ['arm', 'arm64', 'amd64', 'amd64-sb', 'i386', 'mipsel'] + parser.add_argument('-a', '--arch', choices=arch_names, + help='set isar machine architecture.', default='arm') parser.add_argument('-b', '--build', help='set path to build directory.', default=os.getcwd()) parser.add_argument('-d', '--distro', choices=['buster', 'bullseye', 'bookworm', 'trixie', 'focal', 'jammy'], help='set isar Debian distribution.', default='bookworm') parser.add_argument('-i', '--image', help='set image name.', default='isar-image-base') -- 2.34.1
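Review bot: In sb_copy_vars(), the branch for a missing template prints to stderr and then hits `break`, so the function returns False and start_qemu() still launches QEMU with a pflash drive pointing at a file that does not exist; raising instead, e.g. `raise FileNotFoundError(f'{OVMF_VARS_PATH} required but not found!')`, fails at the cause. The `os.path.exists(ovmf_vars_filename)` branch silently reuses whatever file of that name sits in the working directory, so the Secure Boot variable state left by an earlier run or another VM carries into this boot and the result no longer reflects the pristine template. The commit message says reuse is intended, so a line such as `print(f'Reusing existing {ovmf_vars_filename}', file=sys.stderr)` would at least make a non-pristine store visible in the test output. Separately, `ovmf_vars_filename in param` is a substring test that also matches a drive argument carrying a directory prefix, in which case the copy made in the working directory would not be the file QEMU opens. The indentation in this listing is flattened, so the branch structure described here is read from the statement order.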