/* * qemu_firmware.c: QEMU firmware * * Copyright (C) 2019 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library. If not, see * . */ #include #include "qemu_firmware.h" #include "qemu_interop_config.h" #include "configmake.h" #include "qemu_capabilities.h" #include "qemu_domain.h" #include "qemu_process.h" #include "virarch.h" #include "virjson.h" #include "virlog.h" #include "virstring.h" #include "viralloc.h" #include "virenum.h" #define VIR_FROM_THIS VIR_FROM_QEMU VIR_LOG_INIT("qemu.qemu_firmware"); typedef enum { QEMU_FIRMWARE_OS_INTERFACE_NONE = 0, QEMU_FIRMWARE_OS_INTERFACE_BIOS, QEMU_FIRMWARE_OS_INTERFACE_OPENFIRMWARE, QEMU_FIRMWARE_OS_INTERFACE_UBOOT, QEMU_FIRMWARE_OS_INTERFACE_UEFI, QEMU_FIRMWARE_OS_INTERFACE_LAST } qemuFirmwareOSInterface; VIR_ENUM_DECL(qemuFirmwareOSInterface); VIR_ENUM_IMPL(qemuFirmwareOSInterface, QEMU_FIRMWARE_OS_INTERFACE_LAST, "", "bios", "openfirmware", "uboot", "uefi", ); typedef struct _qemuFirmwareFlashFile qemuFirmwareFlashFile; struct _qemuFirmwareFlashFile { char *filename; char *format; }; typedef struct _qemuFirmwareMappingFlash qemuFirmwareMappingFlash; struct _qemuFirmwareMappingFlash { qemuFirmwareFlashFile executable; qemuFirmwareFlashFile nvram_template; }; typedef struct _qemuFirmwareMappingKernel qemuFirmwareMappingKernel; struct _qemuFirmwareMappingKernel { char *filename; }; typedef struct _qemuFirmwareMappingMemory qemuFirmwareMappingMemory; struct _qemuFirmwareMappingMemory { char *filename; }; typedef enum { QEMU_FIRMWARE_DEVICE_NONE = 0, QEMU_FIRMWARE_DEVICE_FLASH, QEMU_FIRMWARE_DEVICE_KERNEL, QEMU_FIRMWARE_DEVICE_MEMORY, QEMU_FIRMWARE_DEVICE_LAST } qemuFirmwareDevice; VIR_ENUM_DECL(qemuFirmwareDevice); VIR_ENUM_IMPL(qemuFirmwareDevice, QEMU_FIRMWARE_DEVICE_LAST, "", "flash", "kernel", "memory", ); typedef struct _qemuFirmwareMapping qemuFirmwareMapping; struct _qemuFirmwareMapping { qemuFirmwareDevice device; union { qemuFirmwareMappingFlash flash; qemuFirmwareMappingKernel kernel; qemuFirmwareMappingMemory memory; } data; }; typedef struct _qemuFirmwareTarget qemuFirmwareTarget; struct _qemuFirmwareTarget { virArch architecture; size_t nmachines; char **machines; }; typedef enum { QEMU_FIRMWARE_FEATURE_NONE = 0, QEMU_FIRMWARE_FEATURE_ACPI_S3, QEMU_FIRMWARE_FEATURE_ACPI_S4, QEMU_FIRMWARE_FEATURE_AMD_SEV, QEMU_FIRMWARE_FEATURE_AMD_SEV_ES, QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS, QEMU_FIRMWARE_FEATURE_REQUIRES_SMM, QEMU_FIRMWARE_FEATURE_SECURE_BOOT, QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC, QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC, QEMU_FIRMWARE_FEATURE_LAST } qemuFirmwareFeature; VIR_ENUM_DECL(qemuFirmwareFeature); VIR_ENUM_IMPL(qemuFirmwareFeature, QEMU_FIRMWARE_FEATURE_LAST, "", "acpi-s3", "acpi-s4", "amd-sev", "amd-sev-es", "enrolled-keys", "requires-smm", "secure-boot", "verbose-dynamic", "verbose-static" ); struct _qemuFirmware { /* Description intentionally not parsed. */ size_t ninterfaces; qemuFirmwareOSInterface *interfaces; qemuFirmwareMapping mapping; size_t ntargets; qemuFirmwareTarget **targets; size_t nfeatures; qemuFirmwareFeature *features; /* Tags intentionally not parsed. */ }; static void qemuFirmwareOSInterfaceFree(qemuFirmwareOSInterface *interfaces) { g_free(interfaces); } G_DEFINE_AUTOPTR_CLEANUP_FUNC(qemuFirmwareOSInterface, qemuFirmwareOSInterfaceFree); static void qemuFirmwareFlashFileFreeContent(qemuFirmwareFlashFile *flash) { g_free(flash->filename); g_free(flash->format); } static void qemuFirmwareMappingFlashFreeContent(qemuFirmwareMappingFlash *flash) { qemuFirmwareFlashFileFreeContent(&flash->executable); qemuFirmwareFlashFileFreeContent(&flash->nvram_template); } static void qemuFirmwareMappingKernelFreeContent(qemuFirmwareMappingKernel *kernel) { g_free(kernel->filename); } static void qemuFirmwareMappingMemoryFreeContent(qemuFirmwareMappingMemory *memory) { g_free(memory->filename); } static void qemuFirmwareMappingFreeContent(qemuFirmwareMapping *mapping) { switch (mapping->device) { case QEMU_FIRMWARE_DEVICE_FLASH: qemuFirmwareMappingFlashFreeContent(&mapping->data.flash); break; case QEMU_FIRMWARE_DEVICE_KERNEL: qemuFirmwareMappingKernelFreeContent(&mapping->data.kernel); break; case QEMU_FIRMWARE_DEVICE_MEMORY: qemuFirmwareMappingMemoryFreeContent(&mapping->data.memory); break; case QEMU_FIRMWARE_DEVICE_NONE: case QEMU_FIRMWARE_DEVICE_LAST: break; } } static void qemuFirmwareTargetFree(qemuFirmwareTarget *target) { if (!target) return; virStringListFreeCount(target->machines, target->nmachines); g_free(target); } G_DEFINE_AUTOPTR_CLEANUP_FUNC(qemuFirmwareTarget, qemuFirmwareTargetFree); static void qemuFirmwareFeatureFree(qemuFirmwareFeature *features) { g_free(features); } G_DEFINE_AUTOPTR_CLEANUP_FUNC(qemuFirmwareFeature, qemuFirmwareFeatureFree); void qemuFirmwareFree(qemuFirmware *fw) { size_t i; if (!fw) return; qemuFirmwareOSInterfaceFree(fw->interfaces); qemuFirmwareMappingFreeContent(&fw->mapping); for (i = 0; i < fw->ntargets; i++) qemuFirmwareTargetFree(fw->targets[i]); g_free(fw->targets); qemuFirmwareFeatureFree(fw->features); g_free(fw); } static int qemuFirmwareInterfaceParse(const char *path, virJSONValue *doc, qemuFirmware *fw) { virJSONValue *interfacesJSON; g_autoptr(qemuFirmwareOSInterface) interfaces = NULL; g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; size_t ninterfaces; size_t i; if (!(interfacesJSON = virJSONValueObjectGetArray(doc, "interface-types"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to get interface-types from '%s'"), path); return -1; } ninterfaces = virJSONValueArraySize(interfacesJSON); interfaces = g_new0(qemuFirmwareOSInterface, ninterfaces); for (i = 0; i < ninterfaces; i++) { virJSONValue *item = virJSONValueArrayGet(interfacesJSON, i); const char *tmpStr = virJSONValueGetString(item); int tmp; if ((tmp = qemuFirmwareOSInterfaceTypeFromString(tmpStr)) <= 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unknown interface type: '%s'"), tmpStr); return -1; } virBufferAsprintf(&buf, " %s", tmpStr); interfaces[i] = tmp; } VIR_DEBUG("firmware description path '%s' supported interfaces: %s", path, NULLSTR_MINUS(virBufferCurrentContent(&buf))); fw->interfaces = g_steal_pointer(&interfaces); fw->ninterfaces = ninterfaces; return 0; } static int qemuFirmwareFlashFileParse(const char *path, virJSONValue *doc, qemuFirmwareFlashFile *flash) { const char *filename; const char *format; if (!(filename = virJSONValueObjectGetString(doc, "filename"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing 'filename' in '%s'"), path); return -1; } flash->filename = g_strdup(filename); if (!(format = virJSONValueObjectGetString(doc, "format"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing 'format' in '%s'"), path); return -1; } flash->format = g_strdup(format); return 0; } static int qemuFirmwareMappingFlashParse(const char *path, virJSONValue *doc, qemuFirmwareMappingFlash *flash) { virJSONValue *executable; virJSONValue *nvram_template; if (!(executable = virJSONValueObjectGet(doc, "executable"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing 'executable' in '%s'"), path); return -1; } if (qemuFirmwareFlashFileParse(path, executable, &flash->executable) < 0) return -1; if (!(nvram_template = virJSONValueObjectGet(doc, "nvram-template"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing 'nvram-template' in '%s'"), path); return -1; } if (qemuFirmwareFlashFileParse(path, nvram_template, &flash->nvram_template) < 0) return -1; return 0; } static int qemuFirmwareMappingKernelParse(const char *path, virJSONValue *doc, qemuFirmwareMappingKernel *kernel) { const char *filename; if (!(filename = virJSONValueObjectGetString(doc, "filename"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing 'filename' in '%s'"), path); } kernel->filename = g_strdup(filename); return 0; } static int qemuFirmwareMappingMemoryParse(const char *path, virJSONValue *doc, qemuFirmwareMappingMemory *memory) { const char *filename; if (!(filename = virJSONValueObjectGetString(doc, "filename"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing 'filename' in '%s'"), path); } memory->filename = g_strdup(filename); return 0; } static int qemuFirmwareMappingParse(const char *path, virJSONValue *doc, qemuFirmware *fw) { virJSONValue *mapping; const char *deviceStr; int tmp; if (!(mapping = virJSONValueObjectGet(doc, "mapping"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing mapping in '%s'"), path); return -1; } if (!(deviceStr = virJSONValueObjectGetString(mapping, "device"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing device type in '%s'"), path); return -1; } if ((tmp = qemuFirmwareDeviceTypeFromString(deviceStr)) <= 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unknown device type in '%s'"), path); return -1; } fw->mapping.device = tmp; switch (fw->mapping.device) { case QEMU_FIRMWARE_DEVICE_FLASH: if (qemuFirmwareMappingFlashParse(path, mapping, &fw->mapping.data.flash) < 0) return -1; break; case QEMU_FIRMWARE_DEVICE_KERNEL: if (qemuFirmwareMappingKernelParse(path, mapping, &fw->mapping.data.kernel) < 0) return -1; break; case QEMU_FIRMWARE_DEVICE_MEMORY: if (qemuFirmwareMappingMemoryParse(path, mapping, &fw->mapping.data.memory) < 0) return -1; break; case QEMU_FIRMWARE_DEVICE_NONE: case QEMU_FIRMWARE_DEVICE_LAST: break; } return 0; } static int qemuFirmwareTargetParse(const char *path, virJSONValue *doc, qemuFirmware *fw) { virJSONValue *targetsJSON; qemuFirmwareTarget **targets = NULL; size_t ntargets; size_t i; int ret = -1; if (!(targetsJSON = virJSONValueObjectGetArray(doc, "targets"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to get targets from '%s'"), path); return -1; } ntargets = virJSONValueArraySize(targetsJSON); targets = g_new0(qemuFirmwareTarget *, ntargets); for (i = 0; i < ntargets; i++) { virJSONValue *item = virJSONValueArrayGet(targetsJSON, i); virJSONValue *machines; g_autoptr(qemuFirmwareTarget) t = NULL; const char *architectureStr = NULL; size_t nmachines; size_t j; t = g_new0(qemuFirmwareTarget, 1); if (!(architectureStr = virJSONValueObjectGetString(item, "architecture"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing 'architecture' in '%s'"), path); goto cleanup; } if ((t->architecture = virQEMUCapsArchFromString(architectureStr)) == VIR_ARCH_NONE) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unknown architecture '%s'"), architectureStr); goto cleanup; } if (!(machines = virJSONValueObjectGetArray(item, "machines"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing 'machines' in '%s'"), path); goto cleanup; } nmachines = virJSONValueArraySize(machines); t->machines = g_new0(char *, nmachines); for (j = 0; j < nmachines; j++) { virJSONValue *machine = virJSONValueArrayGet(machines, j); g_autofree char *machineStr = NULL; machineStr = g_strdup(virJSONValueGetString(machine)); VIR_APPEND_ELEMENT_INPLACE(t->machines, t->nmachines, machineStr); } targets[i] = g_steal_pointer(&t); } fw->targets = g_steal_pointer(&targets); fw->ntargets = ntargets; ntargets = 0; ret = 0; cleanup: for (i = 0; i < ntargets; i++) qemuFirmwareTargetFree(targets[i]); VIR_FREE(targets); return ret; } static int qemuFirmwareFeatureParse(const char *path, virJSONValue *doc, qemuFirmware *fw) { virJSONValue *featuresJSON; g_autoptr(qemuFirmwareFeature) features = NULL; size_t nfeatures; size_t nparsed = 0; size_t i; if (!(featuresJSON = virJSONValueObjectGetArray(doc, "features"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to get features from '%s'"), path); return -1; } nfeatures = virJSONValueArraySize(featuresJSON); features = g_new0(qemuFirmwareFeature, nfeatures); for (i = 0; i < nfeatures; i++) { virJSONValue *item = virJSONValueArrayGet(featuresJSON, i); const char *tmpStr = virJSONValueGetString(item); int tmp; if ((tmp = qemuFirmwareFeatureTypeFromString(tmpStr)) <= 0) { VIR_DEBUG("ignoring unknown QEMU firmware feature '%s'", tmpStr); continue; } features[nparsed] = tmp; nparsed++; } fw->features = g_steal_pointer(&features); fw->nfeatures = nparsed; return 0; } /* 1MiB should be enough for everybody (TM) */ #define DOCUMENT_SIZE (1024 * 1024) qemuFirmware * qemuFirmwareParse(const char *path) { g_autofree char *cont = NULL; g_autoptr(virJSONValue) doc = NULL; g_autoptr(qemuFirmware) fw = NULL; if (virFileReadAll(path, DOCUMENT_SIZE, &cont) < 0) return NULL; if (!(doc = virJSONValueFromString(cont))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unable to parse json file '%s'"), path); return NULL; } fw = g_new0(qemuFirmware, 1); if (qemuFirmwareInterfaceParse(path, doc, fw) < 0) return NULL; if (qemuFirmwareMappingParse(path, doc, fw) < 0) return NULL; if (qemuFirmwareTargetParse(path, doc, fw) < 0) return NULL; if (qemuFirmwareFeatureParse(path, doc, fw) < 0) return NULL; return g_steal_pointer(&fw); } static int qemuFirmwareInterfaceFormat(virJSONValue *doc, qemuFirmware *fw) { g_autoptr(virJSONValue) interfacesJSON = NULL; size_t i; interfacesJSON = virJSONValueNewArray(); for (i = 0; i < fw->ninterfaces; i++) { if (virJSONValueArrayAppendString(interfacesJSON, qemuFirmwareOSInterfaceTypeToString(fw->interfaces[i])) < 0) return -1; } if (virJSONValueObjectAppend(doc, "interface-types", &interfacesJSON) < 0) return -1; return 0; } static virJSONValue * qemuFirmwareFlashFileFormat(qemuFirmwareFlashFile flash) { g_autoptr(virJSONValue) json = virJSONValueNewObject(); virJSONValue *ret; if (virJSONValueObjectAppendString(json, "filename", flash.filename) < 0) return NULL; if (virJSONValueObjectAppendString(json, "format", flash.format) < 0) return NULL; ret = g_steal_pointer(&json); return ret; } static int qemuFirmwareMappingFlashFormat(virJSONValue *mapping, qemuFirmwareMappingFlash *flash) { g_autoptr(virJSONValue) executable = NULL; g_autoptr(virJSONValue) nvram_template = NULL; if (!(executable = qemuFirmwareFlashFileFormat(flash->executable))) return -1; if (!(nvram_template = qemuFirmwareFlashFileFormat(flash->nvram_template))) return -1; if (virJSONValueObjectAppend(mapping, "executable", &executable) < 0) return -1; if (virJSONValueObjectAppend(mapping, "nvram-template", &nvram_template) < 0) return -1; return 0; } static int qemuFirmwareMappingKernelFormat(virJSONValue *mapping, qemuFirmwareMappingKernel *kernel) { if (virJSONValueObjectAppendString(mapping, "filename", kernel->filename) < 0) return -1; return 0; } static int qemuFirmwareMappingMemoryFormat(virJSONValue *mapping, qemuFirmwareMappingMemory *memory) { if (virJSONValueObjectAppendString(mapping, "filename", memory->filename) < 0) return -1; return 0; } static int qemuFirmwareMappingFormat(virJSONValue *doc, qemuFirmware *fw) { g_autoptr(virJSONValue) mapping = virJSONValueNewObject(); if (virJSONValueObjectAppendString(mapping, "device", qemuFirmwareDeviceTypeToString(fw->mapping.device)) < 0) return -1; switch (fw->mapping.device) { case QEMU_FIRMWARE_DEVICE_FLASH: if (qemuFirmwareMappingFlashFormat(mapping, &fw->mapping.data.flash) < 0) return -1; break; case QEMU_FIRMWARE_DEVICE_KERNEL: if (qemuFirmwareMappingKernelFormat(mapping, &fw->mapping.data.kernel) < 0) return -1; break; case QEMU_FIRMWARE_DEVICE_MEMORY: if (qemuFirmwareMappingMemoryFormat(mapping, &fw->mapping.data.memory) < 0) return -1; break; case QEMU_FIRMWARE_DEVICE_NONE: case QEMU_FIRMWARE_DEVICE_LAST: break; } if (virJSONValueObjectAppend(doc, "mapping", &mapping) < 0) return -1; return 0; } static int qemuFirmwareTargetFormat(virJSONValue *doc, qemuFirmware *fw) { g_autoptr(virJSONValue) targetsJSON = NULL; size_t i; targetsJSON = virJSONValueNewArray(); for (i = 0; i < fw->ntargets; i++) { qemuFirmwareTarget *t = fw->targets[i]; g_autoptr(virJSONValue) target = virJSONValueNewObject(); g_autoptr(virJSONValue) machines = NULL; size_t j; if (virJSONValueObjectAppendString(target, "architecture", virQEMUCapsArchToString(t->architecture)) < 0) return -1; machines = virJSONValueNewArray(); for (j = 0; j < t->nmachines; j++) { if (virJSONValueArrayAppendString(machines, t->machines[j]) < 0) return -1; } if (virJSONValueObjectAppend(target, "machines", &machines) < 0) return -1; if (virJSONValueArrayAppend(targetsJSON, &target) < 0) return -1; } if (virJSONValueObjectAppend(doc, "targets", &targetsJSON) < 0) return -1; return 0; } static int qemuFirmwareFeatureFormat(virJSONValue *doc, qemuFirmware *fw) { g_autoptr(virJSONValue) featuresJSON = NULL; size_t i; featuresJSON = virJSONValueNewArray(); for (i = 0; i < fw->nfeatures; i++) { if (virJSONValueArrayAppendString(featuresJSON, qemuFirmwareFeatureTypeToString(fw->features[i])) < 0) return -1; } if (virJSONValueObjectAppend(doc, "features", &featuresJSON) < 0) return -1; return 0; } char * qemuFirmwareFormat(qemuFirmware *fw) { g_autoptr(virJSONValue) doc = virJSONValueNewObject(); if (!fw) return NULL; if (qemuFirmwareInterfaceFormat(doc, fw) < 0) return NULL; if (qemuFirmwareMappingFormat(doc, fw) < 0) return NULL; if (qemuFirmwareTargetFormat(doc, fw) < 0) return NULL; if (qemuFirmwareFeatureFormat(doc, fw) < 0) return NULL; return virJSONValueToString(doc, true); } int qemuFirmwareFetchConfigs(char ***firmwares, bool privileged) { return qemuInteropFetchConfigs("firmware", firmwares, privileged); } static bool qemuFirmwareMatchesMachineArch(const qemuFirmware *fw, const char *machine, virArch arch) { size_t i; for (i = 0; i < fw->ntargets; i++) { size_t j; if (arch != fw->targets[i]->architecture) continue; for (j = 0; j < fw->targets[i]->nmachines; j++) { if (g_pattern_match_simple(fw->targets[i]->machines[j], machine)) return true; } } return false; } static qemuFirmwareOSInterface qemuFirmwareOSInterfaceTypeFromOsDefFirmware(int fw) { switch (fw) { case VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS: return QEMU_FIRMWARE_OS_INTERFACE_BIOS; case VIR_DOMAIN_OS_DEF_FIRMWARE_EFI: return QEMU_FIRMWARE_OS_INTERFACE_UEFI; case VIR_DOMAIN_OS_DEF_FIRMWARE_NONE: case VIR_DOMAIN_OS_DEF_FIRMWARE_LAST: break; } return QEMU_FIRMWARE_OS_INTERFACE_NONE; } #define VIR_QEMU_FIRMWARE_AMD_SEV_ES_POLICY (1 << 2) static bool qemuFirmwareMatchDomain(const virDomainDef *def, const qemuFirmware *fw, const char *path) { size_t i; qemuFirmwareOSInterface want; bool supportsS3 = false; bool supportsS4 = false; bool requiresSMM = false; bool supportsSEV = false; bool supportsSEVES = false; bool supportsSecureBoot = false; bool hasEnrolledKeys = false; int reqSecureBoot; int reqEnrolledKeys; want = qemuFirmwareOSInterfaceTypeFromOsDefFirmware(def->os.firmware); if (want == QEMU_FIRMWARE_OS_INTERFACE_NONE && def->os.loader) { want = qemuFirmwareOSInterfaceTypeFromOsDefFirmware(def->os.loader->type); if (fw->mapping.device != QEMU_FIRMWARE_DEVICE_FLASH || STRNEQ(def->os.loader->path, fw->mapping.data.flash.executable.filename)) { VIR_DEBUG("Not matching FW interface %s or loader " "path '%s' for user provided path '%s'", qemuFirmwareDeviceTypeToString(fw->mapping.device), fw->mapping.data.flash.executable.filename, def->os.loader->path); return false; } } for (i = 0; i < fw->ninterfaces; i++) { if (fw->interfaces[i] == want) break; } if (i == fw->ninterfaces) { VIR_DEBUG("No matching interface in '%s'", path); return false; } if (!qemuFirmwareMatchesMachineArch(fw, def->os.machine, def->os.arch)) { VIR_DEBUG("No matching machine type in '%s'", path); return false; } for (i = 0; i < fw->nfeatures; i++) { switch (fw->features[i]) { case QEMU_FIRMWARE_FEATURE_ACPI_S3: supportsS3 = true; break; case QEMU_FIRMWARE_FEATURE_ACPI_S4: supportsS4 = true; break; case QEMU_FIRMWARE_FEATURE_AMD_SEV: supportsSEV = true; break; case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES: supportsSEVES = true; break; case QEMU_FIRMWARE_FEATURE_REQUIRES_SMM: requiresSMM = true; break; case QEMU_FIRMWARE_FEATURE_SECURE_BOOT: supportsSecureBoot = true; break; case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS: hasEnrolledKeys = true; break; case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC: case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC: case QEMU_FIRMWARE_FEATURE_NONE: case QEMU_FIRMWARE_FEATURE_LAST: break; } } if (def->pm.s3 == VIR_TRISTATE_BOOL_YES && !supportsS3) { VIR_DEBUG("Domain requires S3, firmware '%s' doesn't support it", path); return false; } if (def->pm.s4 == VIR_TRISTATE_BOOL_YES && !supportsS4) { VIR_DEBUG("Domain requires S4, firmware '%s' doesn't support it", path); return false; } if (def->os.firmwareFeatures) { reqSecureBoot = def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT]; if (reqSecureBoot != VIR_TRISTATE_BOOL_ABSENT) { if (reqSecureBoot == VIR_TRISTATE_BOOL_YES && !supportsSecureBoot) { VIR_DEBUG("User requested Secure Boot, firmware '%s' doesn't support it", path); return false; } if (reqSecureBoot == VIR_TRISTATE_BOOL_NO && supportsSecureBoot) { VIR_DEBUG("User refused Secure Boot, firmware '%s' supports it", path); return false; } } reqEnrolledKeys = def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS]; if (reqEnrolledKeys != VIR_TRISTATE_BOOL_ABSENT) { if (reqEnrolledKeys == VIR_TRISTATE_BOOL_YES && !hasEnrolledKeys) { VIR_DEBUG("User requested Enrolled keys, firmware '%s' doesn't have them", path); return false; } if (reqEnrolledKeys == VIR_TRISTATE_BOOL_NO && hasEnrolledKeys) { VIR_DEBUG("User refused Enrolled keys, firmware '%s' has them", path); return false; } } } if (def->os.loader && def->os.loader->secure == VIR_TRISTATE_BOOL_YES && !requiresSMM) { VIR_DEBUG("Domain restricts pflash programming to SMM, " "but firmware '%s' doesn't support SMM", path); return false; } if (def->sec) { switch ((virDomainLaunchSecurity) def->sec->sectype) { case VIR_DOMAIN_LAUNCH_SECURITY_SEV: if (!supportsSEV) { VIR_DEBUG("Domain requires SEV, firmware '%s' doesn't support it", path); return false; } if (def->sec->data.sev.policy & VIR_QEMU_FIRMWARE_AMD_SEV_ES_POLICY && !supportsSEVES) { VIR_DEBUG("Domain requires SEV-ES, firmware '%s' doesn't support it", path); return false; } break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype); return -1; } } VIR_DEBUG("Firmware '%s' matches domain requirements", path); return true; } static int qemuFirmwareEnableFeatures(virQEMUDriver *driver, virDomainDef *def, const qemuFirmware *fw) { g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash; const qemuFirmwareMappingKernel *kernel = &fw->mapping.data.kernel; const qemuFirmwareMappingMemory *memory = &fw->mapping.data.memory; size_t i; switch (fw->mapping.device) { case QEMU_FIRMWARE_DEVICE_FLASH: if (!def->os.loader) def->os.loader = g_new0(virDomainLoaderDef, 1); def->os.loader->type = VIR_DOMAIN_LOADER_TYPE_PFLASH; def->os.loader->readonly = VIR_TRISTATE_BOOL_YES; if (STRNEQ(flash->executable.format, "raw")) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("unsupported flash format '%s'"), flash->executable.format); return -1; } VIR_FREE(def->os.loader->path); def->os.loader->path = g_strdup(flash->executable.filename); if (STRNEQ(flash->nvram_template.format, "raw")) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("unsupported nvram template format '%s'"), flash->nvram_template.format); return -1; } VIR_FREE(def->os.loader->templt); def->os.loader->templt = g_strdup(flash->nvram_template.filename); qemuDomainNVRAMPathGenerate(cfg, def); VIR_DEBUG("decided on firmware '%s' varstore template '%s'", def->os.loader->path, def->os.loader->templt); break; case QEMU_FIRMWARE_DEVICE_KERNEL: VIR_FREE(def->os.kernel); def->os.kernel = g_strdup(kernel->filename); VIR_DEBUG("decided on kernel '%s'", def->os.kernel); break; case QEMU_FIRMWARE_DEVICE_MEMORY: if (!def->os.loader) def->os.loader = g_new0(virDomainLoaderDef, 1); def->os.loader->type = VIR_DOMAIN_LOADER_TYPE_ROM; def->os.loader->path = g_strdup(memory->filename); VIR_DEBUG("decided on loader '%s'", def->os.loader->path); break; case QEMU_FIRMWARE_DEVICE_NONE: case QEMU_FIRMWARE_DEVICE_LAST: break; } for (i = 0; i < fw->nfeatures; i++) { switch (fw->features[i]) { case QEMU_FIRMWARE_FEATURE_REQUIRES_SMM: switch (def->features[VIR_DOMAIN_FEATURE_SMM]) { case VIR_TRISTATE_SWITCH_OFF: virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain has SMM turned off " "but chosen firmware requires it")); return -1; case VIR_TRISTATE_SWITCH_ABSENT: VIR_DEBUG("Enabling SMM feature"); def->features[VIR_DOMAIN_FEATURE_SMM] = VIR_TRISTATE_SWITCH_ON; break; case VIR_TRISTATE_SWITCH_ON: case VIR_TRISTATE_SWITCH_LAST: break; } break; case QEMU_FIRMWARE_FEATURE_NONE: case QEMU_FIRMWARE_FEATURE_ACPI_S3: case QEMU_FIRMWARE_FEATURE_ACPI_S4: case QEMU_FIRMWARE_FEATURE_AMD_SEV: case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES: case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS: case QEMU_FIRMWARE_FEATURE_SECURE_BOOT: case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC: case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC: case QEMU_FIRMWARE_FEATURE_LAST: break; } } return 0; } static void qemuFirmwareSanityCheck(const qemuFirmware *fw, const char *filename) { size_t i; bool requiresSMM = false; bool supportsSecureBoot = false; for (i = 0; i < fw->nfeatures; i++) { switch (fw->features[i]) { case QEMU_FIRMWARE_FEATURE_REQUIRES_SMM: requiresSMM = true; break; case QEMU_FIRMWARE_FEATURE_SECURE_BOOT: supportsSecureBoot = true; break; case QEMU_FIRMWARE_FEATURE_NONE: case QEMU_FIRMWARE_FEATURE_ACPI_S3: case QEMU_FIRMWARE_FEATURE_ACPI_S4: case QEMU_FIRMWARE_FEATURE_AMD_SEV: case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES: case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS: case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC: case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC: case QEMU_FIRMWARE_FEATURE_LAST: break; } } if (supportsSecureBoot != requiresSMM) { VIR_WARN("Firmware description '%s' has invalid set of features: " "%s = %d, %s = %d", filename, qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_REQUIRES_SMM), requiresSMM, qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_SECURE_BOOT), supportsSecureBoot); } } static ssize_t qemuFirmwareFetchParsedConfigs(bool privileged, qemuFirmware ***firmwaresRet, char ***pathsRet) { g_auto(GStrv) paths = NULL; size_t npaths; qemuFirmware **firmwares = NULL; size_t i; if (qemuFirmwareFetchConfigs(&paths, privileged) < 0) return -1; if (!paths) return 0; npaths = g_strv_length(paths); firmwares = g_new0(qemuFirmware *, npaths); for (i = 0; i < npaths; i++) { if (!(firmwares[i] = qemuFirmwareParse(paths[i]))) goto error; } *firmwaresRet = g_steal_pointer(&firmwares); if (pathsRet) *pathsRet = g_steal_pointer(&paths); return npaths; error: while (i > 0) qemuFirmwareFree(firmwares[--i]); VIR_FREE(firmwares); return -1; } int qemuFirmwareFillDomain(virQEMUDriver *driver, virDomainDef *def, unsigned int flags) { g_auto(GStrv) paths = NULL; qemuFirmware **firmwares = NULL; ssize_t nfirmwares = 0; const qemuFirmware *theone = NULL; bool needResult = true; size_t i; int ret = -1; /* Fill in FW paths if either os.firmware is enabled, or * loader path was provided with no nvram varstore. */ if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) { /* This is horrific check, but loosely said, if UEFI * image was provided by the old method (by specifying * its path in domain XML) but no template for NVRAM was * specified and the varstore doesn't exist ... */ if (!virDomainDefHasOldStyleROUEFI(def) || def->os.loader->templt || virFileExists(def->os.loader->nvram)) return 0; /* ... then we want to consult JSON FW descriptors first, * but we don't want to fail if we haven't found a match. */ needResult = false; } else { /* Domain has FW autoselection enabled => do nothing if * we are not starting it from scratch. */ if (!(flags & VIR_QEMU_PROCESS_START_NEW)) return 0; } if ((nfirmwares = qemuFirmwareFetchParsedConfigs(driver->privileged, &firmwares, &paths)) < 0) return -1; for (i = 0; i < nfirmwares; i++) { if (qemuFirmwareMatchDomain(def, firmwares[i], paths[i])) { theone = firmwares[i]; VIR_DEBUG("Found matching firmware (description path '%s')", paths[i]); break; } } if (!theone) { if (needResult) { virReportError(VIR_ERR_OPERATION_FAILED, _("Unable to find any firmware to satisfy '%s'"), virDomainOsDefFirmwareTypeToString(def->os.firmware)); } else { VIR_DEBUG("Unable to find NVRAM template for '%s', " "falling back to old style", NULLSTR(def->os.loader ? def->os.loader->path : NULL)); ret = 0; } goto cleanup; } /* Firstly, let's do some sanity checks. If either of these * fail we can still start the domain successfully, but it's * likely that admin/FW manufacturer messed up. */ qemuFirmwareSanityCheck(theone, paths[i]); if (qemuFirmwareEnableFeatures(driver, def, theone) < 0) goto cleanup; def->os.firmware = VIR_DOMAIN_OS_DEF_FIRMWARE_NONE; ret = 0; cleanup: for (i = 0; i < nfirmwares; i++) qemuFirmwareFree(firmwares[i]); VIR_FREE(firmwares); return ret; } /** * qemuFirmwareGetSupported: * @machine: machine type * @arch: architecture * @privileged: whether running as privileged user * @supported: returned bitmap of supported interfaces * @secure: true if at least one secure boot enabled FW was found * @fws: (optional) list of found firmwares * @nfws: (optional) number of members in @fws * * Parse all FW descriptors (depending whether running as @privileged this may * or may not include user's $HOME) and for given combination of @machine and * @arch extract information to be later reported in domain capabilities. * The @supported contains a bitmap of found interfaces (and ORed values of 1 * << VIR_DOMAIN_OS_DEF_FIRMWARE_*). Then, @supported is true if at least one * FW descriptor signalizes secure boot (although, this is checked against SMM * rather than SECURE_BOOT because reasons). * * If @fws and @nfws are not NULL, then @fws is allocated (must be freed by * caller when no longer needed) and contains list of firmwares found in form * of virFirmware. This can be useful if caller wants to know the paths to * firmware images (e.g. to present them in domain capabilities XML). * Moreover, to allow the caller distinguish between no FW descriptors found * and no matching FW descriptors found (nfws == 0 in both cases), the @fws is * going to be allocated in case of the latter anyway (with no real content * though). * * Returns: 0 on success, * -1 otherwise. */ int qemuFirmwareGetSupported(const char *machine, virArch arch, bool privileged, uint64_t *supported, bool *secure, virFirmware ***fws, size_t *nfws) { qemuFirmware **firmwares = NULL; ssize_t nfirmwares = 0; size_t i; *supported = VIR_DOMAIN_OS_DEF_FIRMWARE_NONE; *secure = false; if (fws) { *fws = NULL; *nfws = 0; } if ((nfirmwares = qemuFirmwareFetchParsedConfigs(privileged, &firmwares, NULL)) < 0) return -1; for (i = 0; i < nfirmwares; i++) { qemuFirmware *fw = firmwares[i]; const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash; const qemuFirmwareMappingMemory *memory = &fw->mapping.data.memory; const char *fwpath = NULL; const char *nvrampath = NULL; size_t j; if (!qemuFirmwareMatchesMachineArch(fw, machine, arch)) continue; for (j = 0; j < fw->ninterfaces; j++) { switch (fw->interfaces[j]) { case QEMU_FIRMWARE_OS_INTERFACE_UEFI: *supported |= 1ULL << VIR_DOMAIN_OS_DEF_FIRMWARE_EFI; break; case QEMU_FIRMWARE_OS_INTERFACE_BIOS: *supported |= 1ULL << VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS; break; case QEMU_FIRMWARE_OS_INTERFACE_NONE: case QEMU_FIRMWARE_OS_INTERFACE_OPENFIRMWARE: case QEMU_FIRMWARE_OS_INTERFACE_UBOOT: case QEMU_FIRMWARE_OS_INTERFACE_LAST: default: break; } } for (j = 0; j < fw->nfeatures; j++) { switch (fw->features[j]) { case QEMU_FIRMWARE_FEATURE_REQUIRES_SMM: *secure = true; break; case QEMU_FIRMWARE_FEATURE_NONE: case QEMU_FIRMWARE_FEATURE_ACPI_S3: case QEMU_FIRMWARE_FEATURE_ACPI_S4: case QEMU_FIRMWARE_FEATURE_AMD_SEV: case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES: case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS: case QEMU_FIRMWARE_FEATURE_SECURE_BOOT: case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC: case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC: case QEMU_FIRMWARE_FEATURE_LAST: break; } } switch (fw->mapping.device) { case QEMU_FIRMWARE_DEVICE_FLASH: fwpath = flash->executable.filename; nvrampath = flash->nvram_template.filename; break; case QEMU_FIRMWARE_DEVICE_MEMORY: fwpath = memory->filename; break; case QEMU_FIRMWARE_DEVICE_KERNEL: case QEMU_FIRMWARE_DEVICE_NONE: case QEMU_FIRMWARE_DEVICE_LAST: break; } if (fws && fwpath) { g_autoptr(virFirmware) tmp = NULL; /* Append only unique pairs. */ for (j = 0; j < *nfws; j++) { if (STREQ((*fws)[j]->name, fwpath) && STREQ_NULLABLE((*fws)[j]->nvram, nvrampath)) break; } if (j == *nfws) { tmp = g_new0(virFirmware, 1); tmp->name = g_strdup(fwpath); tmp->nvram = g_strdup(nvrampath); VIR_APPEND_ELEMENT(*fws, *nfws, tmp); } } } if (fws && !*fws && nfirmwares) VIR_REALLOC_N(*fws, 0); for (i = 0; i < nfirmwares; i++) qemuFirmwareFree(firmwares[i]); VIR_FREE(firmwares); return 0; }