From 1549bf11cc94b135b6ad8fa5ebc34bdf7c18ba9c Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Tue, 17 Dec 2024 09:59:21 +0100
Subject: OvmfPkg/X86QemuLoadImageLib: make legacy loader configurable.
Add the 'opt/org.tianocore/EnableLegacyLoader' FwCfg option to enable/disable the insecure legacy linux kernel loader. For now this is enabled by default. Probably the default will be flipped to disabled at some point in the future. Also print a warning to the screen in case the linux kernel secure boot verification has failed.
Signed-off-by: Gerd Hoffmann
---
 .../X86QemuLoadImageLib/X86QemuLoadImageLib.c | 48 ++++++++++++++++++----
 .../X86QemuLoadImageLib/X86QemuLoadImageLib.inf | 1 +
 2 files changed, 42 insertions(+), 7 deletions(-)
diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
index e4dbc2dc7e..2d610f6bd3 100644
--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
@@ -19,8 +19,10 @@
 #include
 #include
 #include
+#include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -421,13 +423,45 @@ QemuLoadKernelImage (
 // Fall through
 //
 case EFI_ACCESS_DENIED:
- //
- // We are running with UEFI secure boot enabled, and the image failed to
- // authenticate. For compatibility reasons, we fall back to the legacy
- // loader in this case.
- //
- // Fall through
- //
+ //
+ // We are running with UEFI secure boot enabled, and the image failed to
+ // authenticate. For compatibility reasons, we fall back to the legacy
+ // loader in this case (unless disabled via fw_cfg).
+ //
+ {
+ EFI_STATUS RetStatus;
+ BOOLEAN Enabled = TRUE;
+ AsciiPrint ( "OVMF: Secure boot image verification failed. Consider using the '-shim'\n" "OVMF: command line switch for qemu (available in version 10.0 + newer).\n" "\n" ); RetStatus = QemuFwCfgParseBool ( "opt/org.tianocore/EnableLegacyLoader", &Enabled ); if (EFI_ERROR (RetStatus)) { Enabled = TRUE; } if (!Enabled) { AsciiPrint ( "OVMF: Fallback to insecure legacy linux kernel loader is disabled.\n" "\n" ); return EFI_ACCESS_DENIED; } else { AsciiPrint ( "OVMF: Using legacy linux kernel loader (insecure and deprecated).\n" "\n" ); // // Fall through // } } case EFI_UNSUPPORTED: // // The image is not natively supported or cross-type supported. Let's try
diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
index c7ec041cb7..09babd3be8 100644
--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
@@ -33,6 +33,7 @@
 LoadLinuxLib
 PrintLib
 QemuFwCfgLib
+ QemuFwCfgSimpleParserLib
 ReportStatusCodeLib
 UefiBootServicesTableLib
-- cgit
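Review bot: The `if (EFI_ERROR (RetStatus)) { Enabled = TRUE; }` branch after the QemuFwCfgParseBool call treats every parser failure alike, so a present-but-malformed `opt/org.tianocore/EnableLegacyLoader` value (a typo such as `flase`) silently keeps the insecure fallback enabled, which defeats the intent of whoever set the key; only an absent key should keep the default. If QemuFwCfgSimpleParserLib reports a malformed value with a status distinct from an absent key (EFI_PROTOCOL_ERROR versus EFI_NOT_FOUND — confirm against the library), that case should fail closed as sketched below, and the `Enabled = TRUE;` in the remaining error branch is then only restating the `BOOLEAN Enabled = TRUE;` initializer, which the sketch says in a comment. Since AsciiPrint appears to reach only the console, consider also recording the decision with `DEBUG ((DEBUG_WARN, ...))` if DebugLib is already in scope, so that a fallback to the unverified loader is visible in the firmware log and not just on screen. QemuLoadKernelImage starts before and ends after this hunk, so whether the new `return EFI_ACCESS_DENIED;` skips any cleanup the function performs on its other exit paths cannot be judged from here.
```c
      RetStatus = QemuFwCfgParseBool (
                    "opt/org.tianocore/EnableLegacyLoader",
                    &Enabled
                    );
      if (RetStatus == EFI_PROTOCOL_ERROR) {
        //
        // The key is present but its value is not a recognised boolean:
        // do not let a typo silently keep the insecure loader enabled.
        //
        Enabled = FALSE;
      } else if (EFI_ERROR (RetStatus)) {
        //
        // Key absent (or fw_cfg unavailable): keep the initializer default.
        //
        Enabled = TRUE;
      }
      // … unchanged: warning output and legacy-loader dispatch …
```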