diff options
| author | Stefan Hajnoczi <stefanha@redhat.com> | 2025-03-05 21:53:36 +0800 |
|---|---|---|
| committer | Stefan Hajnoczi <stefanha@redhat.com> | 2025-03-05 21:53:36 +0800 |
| commit | 50aa3d0984d8a4a9c39d34e2f81e8a70674462e4 (patch) | |
| tree | 51589eac6f145fadea42f30583967a9f434342d9 /qapi | |
| parent | b93c9dfd700ae91c0080694f53c281ef51b0d028 (diff) | |
| parent | 2bc10b15deb4b29391628e10b18701bfbcf4be17 (diff) | |
| download | focaccia-qemu-50aa3d0984d8a4a9c39d34e2f81e8a70674462e4.tar.gz focaccia-qemu-50aa3d0984d8a4a9c39d34e2f81e8a70674462e4.zip | |
Merge tag 'firmware-20250304-pull-request' of https://gitlab.com/kraxel/qemu into staging
- add uefi variable store support # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmfG9m4ACgkQTLbY7tPo # cTgk8BAAn60ezSx2iet/JarkMugacOJ6C2UbVQho/Q3WCyrQ7K+F0NByczcfKLA6 # OZX84p93qxiK8KJ9tva41eOIYViyfsKf+wGUInNCbXbyGy7RZV3SjE5Yuk9BE9Ta # 8f/5dDGyCELQWliy4atLUWl2dL0rQ76twLZewYo9n2A+LijIzjuP+kVJeccK8U7A # qStio3rGZ0vul2OYhE3+veSXd2m2oU32Tce31MUoj9yCbTE1RZSKMXbwbUU/nul9 # RN3X0q4rvXKwbKMUdC+YI+oIzY/1nzrmy5zwwbJsAszsSKjAc2LZeoDqKdbOIynL # B01dorpg5pVxQUqHz1t+YTfGyuZaYDM6WsaGoU5/9QLW7ZbI857EULq7ptE3DVAS # YjHiBYqiiYYrCatV4UT1XjkRjX7W8lTdK2M+8Vh1E5b1pGpfPwuKE4YRGwMMK0Ac # 5LD9HMxnXIDOT9A6+tGc6GYLfT7YToFA3pHn6WdLlGSowB7sYVZy0/xGe3ABjvzt # WOl1WDWtHCpYIiROpEl+KkbRilwvbLF/IW7x0Ovfsjyh5ucBFu6ojxgRBcOee4Na # oeBz5GfpeIoelhWl1aSYIUrFCvN2Q/9EafHRsfTzPoKlD3t/7oLNYtMYloiQpsks # IPpD5OMMmWGaD2G76Nw24nS4+zUf4Gagg6+IAlYt6zjqnmxFWxY= # =HnUt # -----END PGP SIGNATURE----- # gpg: Signature made Tue 04 Mar 2025 20:47:42 HKT # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * tag 'firmware-20250304-pull-request' of https://gitlab.com/kraxel/qemu: (24 commits) docs: add uefi variable service documentation hw/uefi: add MAINTAINERS entry hw/uefi-vars-sysbus: allow for pc and q35 hw/uefi-vars-sysbus: allow for arm virt hw/uefi-vars-sysbus: add x64 variant hw/uefi-vars-sysbus: qemu platform bus support hw/uefi: add uefi-vars-sysbus device hw/uefi: add to meson hw/uefi: add UEFI_VARS to Kconfig hw/uefi: add trace-events hw/uefi: add var-service-json.c + qapi for NV vars. hw/uefi: add var-service-siglist.c hw/uefi: add var-service-pkcs7-stub.c hw/uefi: add var-service-pkcs7.c hw/uefi: add var-service-core.c hw/uefi: add var-service-policy.c hw/uefi: add var-service-auth.c hw/uefi: add var-service-vars.c hw/uefi: add var-service-utils.c hw/uefi: add var-service-guid.c ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'qapi')
| -rw-r--r-- | qapi/meson.build | 1 | ||||
| -rw-r--r-- | qapi/qapi-schema.json | 1 | ||||
| -rw-r--r-- | qapi/uefi.json | 64 |
3 files changed, 66 insertions, 0 deletions
diff --git a/qapi/meson.build b/qapi/meson.build index e7bc54e5d0..eadde4db30 100644 --- a/qapi/meson.build +++ b/qapi/meson.build @@ -65,6 +65,7 @@ if have_system 'pci', 'rocker', 'tpm', + 'uefi', ] endif if have_system or have_tools diff --git a/qapi/qapi-schema.json b/qapi/qapi-schema.json index b1581988e4..2877aff73d 100644 --- a/qapi/qapi-schema.json +++ b/qapi/qapi-schema.json @@ -81,3 +81,4 @@ { 'include': 'vfio.json' } { 'include': 'cryptodev.json' } { 'include': 'cxl.json' } +{ 'include': 'uefi.json' } diff --git a/qapi/uefi.json b/qapi/uefi.json new file mode 100644 index 0000000000..bdfcabe1df --- /dev/null +++ b/qapi/uefi.json @@ -0,0 +1,64 @@ +# -*- Mode: Python -*- +# vim: filetype=python +# + +## +# = UEFI Variable Store +# +# The qemu efi variable store implementation (hw/uefi/) uses this to +# store non-volatile variables in json format on disk. +# +# This is an existing format already supported by (at least) two other +# projects, specifically https://gitlab.com/kraxel/virt-firmware and +# https://github.com/awslabs/python-uefivars. +## + +## +# @UefiVariable: +# +# UEFI Variable. Check the UEFI specifification for more detailed +# information on the fields. +# +# @guid: variable namespace GUID +# +# @name: variable name, in UTF-8 encoding. +# +# @attr: variable attributes. +# +# @data: variable value, encoded as hex string. +# +# @time: variable modification time. EFI_TIME struct, encoded as hex +# string. Used only for authenticated variables, where the +# EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute bit +# is set. +# +# @digest: variable certificate digest. Used to verify the signature +# of updates for authenticated variables. UEFI has two kinds of +# authenticated variables. The secure boot variables ('PK', +# 'KEK', 'db' and 'dbx') have hard coded signature checking rules. +# For other authenticated variables the firmware stores a digest +# of the signing certificate at variable creation time, and any +# updates must be signed with the same certificate. +# +# Since: 10.0 +## +{ 'struct' : 'UefiVariable', + 'data' : { 'guid' : 'str', + 'name' : 'str', + 'attr' : 'int', + 'data' : 'str', + '*time' : 'str', + '*digest' : 'str'}} + +## +# @UefiVarStore: +# +# @version: currently always 2 +# +# @variables: list of UEFI variables +# +# Since: 10.0 +## +{ 'struct' : 'UefiVarStore', + 'data' : { 'version' : 'int', + 'variables' : [ 'UefiVariable' ] }} |