Fabio/qemu-arm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Disable secure boot by default (#41)

Browse source
This commit is contained in:
Kroese 2024-04-19 22:20:09 +02:00 committed by GitHub
parent 866ecb26a1
commit cc34dec418
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/boot.sh
View file

@ -5,25 +5,32 @@ set -Eeuo pipefail
: "${BIOS:=""}" # Bios file : "${BIOS:=""}" # Bios file
BOOT_OPTS="" BOOT_OPTS=""
SECURE=",secure=off"
DIR="/usr/share/qemu" DIR="/usr/share/qemu"
case "${BOOT_MODE,,}" in case "${BOOT_MODE,,}" in
uefi) uefi)
ROM="AAVMF_CODE.fd" ROM="AAVMF_CODE.no-secboot.fd"
VARS="AAVMF_VARS.fd" VARS="AAVMF_VARS.fd"
;; ;;
secure) secure)
ROM="AAVMF_CODE.fd" SECURE=",secure=on"
ROM="AAVMF_CODE.secboot.fd"
VARS="AAVMF_VARS.fd" VARS="AAVMF_VARS.fd"
;; ;;
windows) windows)
ROM="AAVMF_CODE.no-secboot.fd"
VARS="AAVMF_VARS.fd"
;;
windows_secure)
SECURE=",secure=on"
ROM="AAVMF_CODE.ms.fd" ROM="AAVMF_CODE.ms.fd"
VARS="AAVMF_VARS.ms.fd" VARS="AAVMF_VARS.ms.fd"
;; ;;
*) *)
info "Unknown boot mode '${BOOT_MODE}', defaulting to 'uefi'" info "Unknown boot mode '${BOOT_MODE}', defaulting to 'uefi'"
BOOT_MODE="uefi" BOOT_MODE="uefi"
ROM="AAVMF_CODE.fd" ROM="AAVMF_CODE.no-secboot.fd"
VARS="AAVMF_VARS.fd" VARS="AAVMF_VARS.fd"
;; ;;
esac esac
@ -38,15 +45,15 @@ fi
AAVMF="/usr/share/AAVMF/" AAVMF="/usr/share/AAVMF/"
DEST="$STORAGE/${BOOT_MODE,,}" DEST="$STORAGE/${BOOT_MODE,,}"
if [ ! -s "$DEST.rom" ]; then if [ ! -s "$DEST.rom" ] || [ ! -f "$DEST.rom" ]; then
[ ! -s "$AAVMF/$ROM" ] && error "UEFI boot file ($AAVMF/$ROM) not found!" && exit 44 [ ! -s "$AAVMF/$ROM" ] || [ ! -f "$AAVMF/$ROM" ] && error "UEFI boot file ($AAVMF/$ROM) not found!" && exit 44
rm -f "$DEST.rom" rm -f "$DEST.rom"
dd if=/dev/zero "of=$DEST.rom" bs=1M count=64 status=none dd if=/dev/zero "of=$DEST.rom" bs=1M count=64 status=none
dd "if=$AAVMF/$ROM" "of=$DEST.rom" conv=notrunc status=none dd "if=$AAVMF/$ROM" "of=$DEST.rom" conv=notrunc status=none
fi fi
if [ ! -s "$DEST.vars" ]; then if [ ! -s "$DEST.vars" ] || [ ! -f "$DEST.vars" ]; then
[ ! -s "$AAVMF/$VARS" ] && error "UEFI vars file ($AAVMF/$VARS) not found!" && exit 45 [ ! -s "$AAVMF/$VARS" ] || [ ! -f "$AAVMF/$VARS" ] && error "UEFI vars file ($AAVMF/$VARS) not found!" && exit 45
rm -f "$DEST.vars" rm -f "$DEST.vars"
dd if=/dev/zero "of=$DEST.vars" bs=1M count=64 status=none dd if=/dev/zero "of=$DEST.vars" bs=1M count=64 status=none
dd "if=$AAVMF/$VARS" "of=$DEST.vars" conv=notrunc status=none dd "if=$AAVMF/$VARS" "of=$DEST.vars" conv=notrunc status=none

2
src/config.sh
View file

@ -11,7 +11,7 @@ USB_OPTS="-device $USB -device usb-kbd -device usb-tablet"
RAM_OPTS=$(echo "-m $RAM_SIZE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g') RAM_OPTS=$(echo "-m $RAM_SIZE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
CPU_OPTS="-cpu $CPU_FLAGS -smp $CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1" CPU_OPTS="-cpu $CPU_FLAGS -smp $CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1"
MON_OPTS="-monitor $MONITOR -name $PROCESS,process=$PROCESS,debug-threads=on" MON_OPTS="-monitor $MONITOR -name $PROCESS,process=$PROCESS,debug-threads=on"
MAC_OPTS="-machine type=${MACHINE},secure=off,dump-guest-core=off${KVM_OPTS}" MAC_OPTS="-machine type=${MACHINE}${SECURE},dump-guest-core=off${KVM_OPTS}"
DEV_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4" DEV_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
DEV_OPTS="$DEV_OPTS -object rng-random,id=objrng0,filename=/dev/urandom" DEV_OPTS="$DEV_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c" DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"