From b8d6b027961f22673438332c26d0ef48a5bea701 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 00:07:24 +0100 Subject: [PATCH 01/16] Refactor swtpm support to catch when it is missing Also adds the swtpm laucher to the debug shell script. --- quickemu | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/quickemu b/quickemu index ab04ac8..a1f6796 100755 --- a/quickemu +++ b/quickemu @@ -531,20 +531,6 @@ function vm_boot() { echo " - CD-ROM: ${fixed_iso}" fi - # Enable TPM - if [ "${tpm}" == "on" ]; then - if command -v swtpm &>/dev/null; then - swtpm socket \ - --ctrl type=unixio,path="${VMDIR}/${VMNAME}.swtpm-sock" \ - --terminate \ - --tpmstate dir="${VMDIR}" \ - --tpm2 & - echo " - TPM: ${VMDIR}/${VMNAME}.swtpm-sock (${!})" - else - echo " - TPM: swtpm is not installed, TPM not available!" - fi - fi - # Determine a sane resolution for Linux guests. if [ "${guest_os}" == "linux" ]; then local X_RES=1152 @@ -716,6 +702,23 @@ function vm_boot() { enable_usb_passthrough + echo "#!/usr/bin/env bash" > "${VMDIR}/${VMNAME}.sh" + + # Start TPM + if [ "${tpm}" == "on" ]; then + local tpm_args=() + # shellcheck disable=SC2054 + tpm_args+=(socket + --ctrl type=unixio,path="${VMDIR}/${VMNAME}.swtpm-sock" + --terminate + --tpmstate dir="${VMDIR}" + --tpm2) + echo "${SWTPM} ${tpm_args[@]} &" >> "${VMDIR}/${VMNAME}.sh" + ${SWTPM} "${tpm_args[@]}" >> "${VMDIR}/${VMNAME}.log" & + echo " - TPM: ${VMDIR}/${VMNAME}.swtpm-sock (${!})" + sleep 1 + fi + # Boot the VM local args=() @@ -841,9 +844,7 @@ function vm_boot() { SHELL_ARGS="${SHELL_ARGS//)/\\)}" SHELL_ARGS="${SHELL_ARGS//Wimpys World/\"Wimpys World\"}" - echo "#!/usr/bin/env bash" > "${VMDIR}/${VMNAME}.sh" echo "${QEMU}" "${SHELL_ARGS}" >> "${VMDIR}/${VMNAME}.sh" - ${QEMU} "${args[@]}" > "${VMDIR}/${VMNAME}.log" & # If output is 'none' then SPICE was requested. @@ -1054,6 +1055,14 @@ if [ -n "${VM}" ] && [ -e "${VM}" ]; then if [ -n "${disk}" ]; then disk_size="${disk}" fi + + if [ "${tpm}" == "on" ]; then + SWTPM=$(command -v swtpm) + if [ ! -e "${SWTPM}" ]; then + echo "ERROR! TPM is enabled, but swtpm was not found." + exit 1 + fi + fi else echo "ERROR! Virtual machine configuration not found." usage From aeb2a64720fd3bfdbb0553a3b3b1249c462b06d9 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 00:12:48 +0100 Subject: [PATCH 02/16] Add efi_vars() for copying EFI variable store templates to the VM dir --- quickemu | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/quickemu b/quickemu index a1f6796..3597836 100755 --- a/quickemu +++ b/quickemu @@ -175,6 +175,22 @@ function check_cpu_flag() { fi } +function efi_vars() { + local VARS_IN="" + local VARS_OUT="" + VARS_IN="${1}" + VARS_OUT="${2}" + + if [ ! -e "${VARS_OUT}" ]; then + if [ -e "${VARS_IN}" ]; then + cp "${VARS_IN}" "${VARS_OUT}" + else + echo "ERROR! ${VARS_IN} was not found. Please install edk2." + exit 1 + fi + fi +} + function vm_boot() { local BALLOON="-device virtio-balloon" local CPU="" From b6db417b814a277f0e039ca010e29a703881dff3 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 00:15:55 +0100 Subject: [PATCH 03/16] Refactor OVMF detection and add SecureBoot support Add 'secureboot="on"' to a VM configuration to enable SecureBoot. --- README.md | 3 ++- quickemu | 72 +++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 48 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index c8072e4..c45e3d3 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ comprehensive support for macOS and Windows**. * Automatic SSH port forwarding to guests * Network port forwarding * Full duplex audio - * EFI and Legacy BIOS booting + * EFI (with or without SecureBoot) and Legacy BIOS boot * Graphical user interfaces available Quickemu is a wrapper for the excellent [QEMU](https://www.qemu.org/) that @@ -62,6 +62,7 @@ See this (old) video where I explain some of my motivations for creating Quickem * [QEMU](https://www.qemu.org/) (*6.0.0 or newer*) * [bash](https://www.gnu.org/software/bash/) (*4.0 or newer*) * [Coreutils](https://www.gnu.org/software/coreutils/) + * [EDK II](https://github.com/tianocore/edk2) * [grep](https://www.gnu.org/software/grep/) * [jq](https://stedolan.github.io/jq/) * [LSB](https://wiki.linuxfoundation.org/lsb/start) diff --git a/quickemu b/quickemu index 3597836..82bc9ae 100755 --- a/quickemu +++ b/quickemu @@ -193,6 +193,7 @@ function efi_vars() { function vm_boot() { local BALLOON="-device virtio-balloon" + local BOOT_STATUS="" local CPU="" local DISK_USED="" local DISPLAY_DEVICE="" @@ -322,7 +323,6 @@ function vm_boot() { # Always Boot macOS using EFI if [ "${guest_os}" == "macos" ]; then boot="efi" - echo " - BOOT: EFI (${guest_os})" if [ -e "${VMDIR}/OVMF_CODE.fd" ] && [ -e "${VMDIR}/OVMF_VARS-1024x768.fd" ]; then EFI_CODE="${VMDIR}/OVMF_CODE.fd" EFI_VARS="${VMDIR}/OVMF_VARS-1024x768.fd" @@ -344,6 +344,7 @@ function vm_boot() { echo " Use 'quickget' to download the required files." exit 1 fi + BOOT_STATUS="EFI (macOS), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." elif [[ "${boot}" == *"efi"* ]]; then EFI_VARS="${VMDIR}/OVMF_VARS.fd" @@ -354,36 +355,54 @@ function vm_boot() { mv "${VMDIR}/OVMF_VARS_4M.fd" "${EFI_VARS}" fi - if [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ] || - [ -e "/usr/share/OVMF/x64/OVMF_CODE.fd" ] || - [ -e "/usr/share/OVMF/OVMF_CODE.fd" ]; then - echo " - BOOT: EFI (${guest_os})" - - if [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ]; then - EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.fd" - elif [ -e "/usr/share/OVMF/x64/OVMF_CODE.fd" ]; then - EFI_CODE="/usr/share/OVMF/x64/OVMF_CODE.fd" - elif [ -e "/usr/share/OVMF/OVMF_CODE.fd" ]; then - EFI_CODE="/usr/share/OVMF/OVMF_CODE.fd" - fi + # OVMF_CODE_4M.fd is for booting guests in non-Secure Boot mode. + # While this image technically supports Secure Boot, it does so + # without requiring SMM support from QEMU - if [ ! -e "${EFI_VARS}" ]; then - if [ -e "/usr/share/OVMF/OVMF_VARS_4M.fd" ]; then - cp "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}" - elif [ -e "/usr/share/OVMF/x64/OVMF_VARS.fd" ]; then - cp "/usr/share/OVMF/x64/OVMF_VARS.fd" "${EFI_VARS}" - elif [ -e "/usr/share/OVMF/OVMF_VARS.fd" ]; then - cp "/usr/share/OVMF/OVMF_VARS.fd" "${EFI_VARS}" + # OVMF_CODE.secboot.fd is like OVMF_CODE_4M.fd, but will abort if QEMU + # does not support SMM. + case ${secureboot} in + on) + if [ -e "/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" ]; then + EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" + efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}" + elif [ -e "/usr/share/OVMF/OVMF_CODE.secboot.fd" ]; then + EFI_CODE="/usr/share/OVMF/OVMF_CODE.secboot.fd" "${EFI_VARS}" + efi_vars "/usr/share/OVMF/OVMF_VARS.fd" "${EFI_VARS}" + elif [ -e "/usr/share/OVMF/x64/OVMF_CODE.secboot.fd" ]; then + EFI_CODE="/usr/share/OVMF/x64/OVMF_CODE.secboot.fd" "${EFI_VARS}" + efi_vars "/usr/share/OVMF/x64/OVMF_VARS.fd" "${EFI_VARS}" + else + echo "ERROR! SecureBoot was requested but no SecureBoot capable firmware was found." + exit 1 fi - fi - else - boot="legacy" - echo " - BOOT: Legacy BIOS (${guest_os}) - EFI requested but no EFI firmware found." - fi + BOOT_STATUS="EFI (${guest_os^}), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." + ;; + *) + if [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ]; then + EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.fd" + efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}" + elif [ -e "/usr/share/OVMF/OVMF_CODE.fd" ]; then + EFI_CODE="/usr/share/OVMF/OVMF_CODE.fd" + efi_vars "/usr/share/OVMF/OVMF_VARS.fd" "${EFI_VARS}" + elif [ -e "/usr/share/OVMF/x64/OVMF_CODE.fd" ]; then + EFI_CODE="/usr/share/OVMF/x64/OVMF_CODE.fd" + efi_vars "/usr/share/OVMF/x64/OVMF_VARS.fd" "${EFI_VARS}" + else + BOOT_STATUS="Legacy BIOS (${guest_os^}) - EFI requested but no EFI firmware found." + boot="legacy" + secureboot="off" + fi + BOOT_STATUS="EFI (${guest_os^}), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." + ;; + esac else - echo " - BOOT: Legacy BIOS (${guest_os})" + BOOT_STATUS="Legacy BIOS (${guest_os^})" + secureboot="off" fi + echo " - BOOT: ${BOOT_STATUS}" + # Make any OS specific adjustments case ${guest_os} in freebsd|linux|openbsd) @@ -926,6 +945,7 @@ macos_release="" port_forwards=() preallocation="off" ram="" +secureboot="off" tpm="off" usb_devices=() From a4eddaa9e5373c952354abcb3b7fab74229e08b2 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 00:16:56 +0100 Subject: [PATCH 04/16] Add SMM support, enabled by default for Windows guests --- quickemu | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/quickemu b/quickemu index 82bc9ae..23a861f 100755 --- a/quickemu +++ b/quickemu @@ -218,6 +218,8 @@ function vm_boot() { local MOUSE="usb-tablet" local NET_DEVICE="virtio-net" local OSK="" + local QEMU_VER="" + local SMM="off" local USB_HOST_PASSTHROUGH_CONTROLLER="qemu-xhci" local VIDEO="" @@ -478,6 +480,7 @@ function vm_boot() { if [ -z "${disk_size}" ]; then disk_size="64G" fi + SMM="on" ;; *) CPU="-cpu host,kvm=on" @@ -759,7 +762,7 @@ function vm_boot() { # shellcheck disable=SC2054,SC2206,SC2140 args+=(-name ${VMNAME},process=${VMNAME} -pidfile "${VMDIR}/${VMNAME}.pid" - -enable-kvm -machine q35,vmport=off ${GUEST_TWEAKS} + -enable-kvm -machine q35,smm=${SMM},vmport=off ${GUEST_TWEAKS} ${CPU} ${SMP} -m ${RAM_VM} ${BALLOON} -smbios type=2,manufacturer="Wimpys World",product="Quickemu",version="${VERSION}",serial="jvzclfjbeyq.pbz",location="wimpysworld.com",asset="${VMNAME}" From b9f90d12c36fb70f2e54475de3c2232b2fb43866 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 00:17:40 +0100 Subject: [PATCH 05/16] Disable Suspend to RAM (S3) if SecureBoot or SMM are enabled --- quickemu | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/quickemu b/quickemu index 23a861f..792c4c6 100755 --- a/quickemu +++ b/quickemu @@ -492,6 +492,11 @@ function vm_boot() { ;; esac + # Disable suspend to RAM if SecureBoot/SMM is enabled + if [ "${secureboot}" == "on" ] || [ "${SMM}" == "on" ]; then + GUEST_TWEAKS="${GUEST_TWEAKS} -global ICH9-LPC.disable_s3=1" + fi + echo " - Disk: ${disk_img} (${disk_size})" if [ ! -f "${disk_img}" ]; then # If there is no disk image, create a new image. From 9b96f899ad8e6cfe7e42b1a070cfbd4e4d8381dc Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 00:19:27 +0100 Subject: [PATCH 06/16] Make sure cfi.pflash01always has the secure property set --- quickemu | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/quickemu b/quickemu index 792c4c6..ee640b4 100755 --- a/quickemu +++ b/quickemu @@ -800,8 +800,9 @@ function vm_boot() { # - https://turlucode.com/qemu-disk-io-performance-comparison-native-or-threads-windows-10-version/ if [[ "${boot}" == *"efi"* ]]; then # shellcheck disable=SC2054 - args+=(-drive if=pflash,format=raw,file="${EFI_CODE}",readonly=on - -drive if=pflash,format=raw,file="${EFI_VARS}") + args+=(-global driver=cfi.pflash01,property=secure,value=on + -drive if=pflash,format=raw,unit=0,file="${EFI_CODE}",readonly=on + -drive if=pflash,format=raw,unit=1,file="${EFI_VARS}") fi if [ -n "${floppy}" ]; then From 44bc5faec0a67eda8a8c3e446b3b89b1f5ee854b Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 23:02:58 +0100 Subject: [PATCH 07/16] Use the paths to actual firmware on Fedora, rather than to symlinks. Useful reference in this comment: https://bugzilla.redhat.com/show_bug.cgi?id=1929357#c5 --- quickemu | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/quickemu b/quickemu index ee640b4..03ab776 100755 --- a/quickemu +++ b/quickemu @@ -368,9 +368,9 @@ function vm_boot() { if [ -e "/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" ]; then EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}" - elif [ -e "/usr/share/OVMF/OVMF_CODE.secboot.fd" ]; then - EFI_CODE="/usr/share/OVMF/OVMF_CODE.secboot.fd" "${EFI_VARS}" - efi_vars "/usr/share/OVMF/OVMF_VARS.fd" "${EFI_VARS}" + elif [ -e "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd" ]; then + EFI_CODE="/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd" "${EFI_VARS}" + efi_vars "/usr/share/edk2/ovmf/OVMF_VARS.fd" "${EFI_VARS}" elif [ -e "/usr/share/OVMF/x64/OVMF_CODE.secboot.fd" ]; then EFI_CODE="/usr/share/OVMF/x64/OVMF_CODE.secboot.fd" "${EFI_VARS}" efi_vars "/usr/share/OVMF/x64/OVMF_VARS.fd" "${EFI_VARS}" @@ -384,9 +384,9 @@ function vm_boot() { if [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ]; then EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.fd" efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}" - elif [ -e "/usr/share/OVMF/OVMF_CODE.fd" ]; then - EFI_CODE="/usr/share/OVMF/OVMF_CODE.fd" - efi_vars "/usr/share/OVMF/OVMF_VARS.fd" "${EFI_VARS}" + elif [ -e "/usr/share/edk2/ovmf/OVMF_CODE.fd" ]; then + EFI_CODE="/usr/share/edk2/ovmf/OVMF_CODE.fd" + efi_vars "/usr/share/edk2/ovmf/OVMF_VARS.fd" "${EFI_VARS}" elif [ -e "/usr/share/OVMF/x64/OVMF_CODE.fd" ]; then EFI_CODE="/usr/share/OVMF/x64/OVMF_CODE.fd" efi_vars "/usr/share/OVMF/x64/OVMF_VARS.fd" "${EFI_VARS}" From 7a0cf722138fc4acfd83c8bceab1e71d7bb1e7a2 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 23:35:58 +0100 Subject: [PATCH 08/16] Add reference for Fedora --- quickemu | 2 ++ 1 file changed, 2 insertions(+) diff --git a/quickemu b/quickemu index 03ab776..9848f96 100755 --- a/quickemu +++ b/quickemu @@ -363,6 +363,8 @@ function vm_boot() { # OVMF_CODE.secboot.fd is like OVMF_CODE_4M.fd, but will abort if QEMU # does not support SMM. + + # https://bugzilla.redhat.com/show_bug.cgi?id=1929357#c5 case ${secureboot} in on) if [ -e "/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" ]; then From 444616022e13e97a0cfb82750d7af68b5c515f7e Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 23:36:46 +0100 Subject: [PATCH 09/16] Improve error message when no SecureBoot firmware was found. --- quickemu | 1 + 1 file changed, 1 insertion(+) diff --git a/quickemu b/quickemu index 9848f96..4a13c7f 100755 --- a/quickemu +++ b/quickemu @@ -378,6 +378,7 @@ function vm_boot() { efi_vars "/usr/share/OVMF/x64/OVMF_VARS.fd" "${EFI_VARS}" else echo "ERROR! SecureBoot was requested but no SecureBoot capable firmware was found." + echo " Please install OVMF firmware." exit 1 fi BOOT_STATUS="EFI (${guest_os^}), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." From ca03a4dada2cf57d58c9a31905164c817ce5f7b3 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 23:37:40 +0100 Subject: [PATCH 10/16] If EFI boot was requested an no EFI firmware is available, hard stop. --- quickemu | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/quickemu b/quickemu index 4a13c7f..6cec593 100755 --- a/quickemu +++ b/quickemu @@ -394,9 +394,9 @@ function vm_boot() { EFI_CODE="/usr/share/OVMF/x64/OVMF_CODE.fd" efi_vars "/usr/share/OVMF/x64/OVMF_VARS.fd" "${EFI_VARS}" else - BOOT_STATUS="Legacy BIOS (${guest_os^}) - EFI requested but no EFI firmware found." - boot="legacy" - secureboot="off" + echo "ERROR! EFI boot requested but no EFI firmware found." + echo " Please install OVMF firmware." + exit 1 fi BOOT_STATUS="EFI (${guest_os^}), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." ;; From 44673e94c6ab7d9256806753c3fc692cf627708d Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 23:39:44 +0100 Subject: [PATCH 11/16] Add guards for $EFI_CODE and $EFI_VARS Make sure that $EFI_VARS references an actual writable file. Check if $EFI_CODE reference a symlink, if so resolve the the real file. --- quickemu | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/quickemu b/quickemu index 6cec593..441481c 100755 --- a/quickemu +++ b/quickemu @@ -381,7 +381,6 @@ function vm_boot() { echo " Please install OVMF firmware." exit 1 fi - BOOT_STATUS="EFI (${guest_os^}), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." ;; *) if [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ]; then @@ -398,9 +397,26 @@ function vm_boot() { echo " Please install OVMF firmware." exit 1 fi - BOOT_STATUS="EFI (${guest_os^}), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." ;; esac + + # Make sure EFI_VARS references an actual, writeable, file + if [ ! -f "${EFI_VARS}" ] || [ ! -w "${EFI_VARS}" ]; then + echo " - EFI: ERROR! ${EFI_VARS} is not a regular file or not writeable." + echo " Deleting ${EFI_VARS}. Please re-run quickemu." + rm -f "${EFI_VARS}" + exit 1 + fi + + # If EFI firmware path is a symlink, resolve it to a real file. + #if [ -L "${EFI_CODE}" ]; then + if true; then + echo " - EFI: WARNING! ${EFI_CODE} is a symlink." + echo -n " Resolving to... " + EFI_CODE=$(realpath "${EFI_CODE}") + echo "${EFI_CODE}" + fi + BOOT_STATUS="EFI (${guest_os^}), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." else BOOT_STATUS="Legacy BIOS (${guest_os^})" secureboot="off" From 207ebde501850a1cfb8da9e27f4ee17b27241e3d Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 23:44:30 +0100 Subject: [PATCH 12/16] Remove test stub --- quickemu | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/quickemu b/quickemu index 441481c..d0e0dfb 100755 --- a/quickemu +++ b/quickemu @@ -409,8 +409,7 @@ function vm_boot() { fi # If EFI firmware path is a symlink, resolve it to a real file. - #if [ -L "${EFI_CODE}" ]; then - if true; then + if [ -L "${EFI_CODE}" ]; then echo " - EFI: WARNING! ${EFI_CODE} is a symlink." echo -n " Resolving to... " EFI_CODE=$(realpath "${EFI_CODE}") From 145dc472aff014d3f1c6ee83433a73991cc193e3 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 23:45:22 +0100 Subject: [PATCH 13/16] Show full $EFI_CODE path in boot status --- quickemu | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quickemu b/quickemu index d0e0dfb..f273430 100755 --- a/quickemu +++ b/quickemu @@ -408,14 +408,14 @@ function vm_boot() { exit 1 fi - # If EFI firmware path is a symlink, resolve it to a real file. + # If EFI_CODE references a symlink, resolve it to the real file. if [ -L "${EFI_CODE}" ]; then echo " - EFI: WARNING! ${EFI_CODE} is a symlink." echo -n " Resolving to... " EFI_CODE=$(realpath "${EFI_CODE}") echo "${EFI_CODE}" fi - BOOT_STATUS="EFI (${guest_os^}), OVMF ($(basename "${EFI_CODE}")), SecureBoot (${secureboot})." + BOOT_STATUS="EFI (${guest_os^}), OVMF (${EFI_CODE}), SecureBoot (${secureboot})." else BOOT_STATUS="Legacy BIOS (${guest_os^})" secureboot="off" From 0598fb332184b19e6ea01d2fe25cb0b98403f877 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 19 Oct 2021 23:51:42 +0100 Subject: [PATCH 14/16] Make sure Legacy boot is in legacy mode --- quickemu | 1 + 1 file changed, 1 insertion(+) diff --git a/quickemu b/quickemu index f273430..94c9f42 100755 --- a/quickemu +++ b/quickemu @@ -418,6 +418,7 @@ function vm_boot() { BOOT_STATUS="EFI (${guest_os^}), OVMF (${EFI_CODE}), SecureBoot (${secureboot})." else BOOT_STATUS="Legacy BIOS (${guest_os^})" + boot="legacy" secureboot="off" fi From 23e3da40e3b792ca0ca77158a6bb7d2b86d6ad27 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Mon, 25 Oct 2021 09:50:56 +0100 Subject: [PATCH 15/16] Remove erroneous EFI_VARS references --- quickemu | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quickemu b/quickemu index 94c9f42..6d54037 100755 --- a/quickemu +++ b/quickemu @@ -371,10 +371,10 @@ function vm_boot() { EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}" elif [ -e "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd" ]; then - EFI_CODE="/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd" "${EFI_VARS}" + EFI_CODE="/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd" efi_vars "/usr/share/edk2/ovmf/OVMF_VARS.fd" "${EFI_VARS}" elif [ -e "/usr/share/OVMF/x64/OVMF_CODE.secboot.fd" ]; then - EFI_CODE="/usr/share/OVMF/x64/OVMF_CODE.secboot.fd" "${EFI_VARS}" + EFI_CODE="/usr/share/OVMF/x64/OVMF_CODE.secboot.fd" efi_vars "/usr/share/OVMF/x64/OVMF_VARS.fd" "${EFI_VARS}" else echo "ERROR! SecureBoot was requested but no SecureBoot capable firmware was found." From db855be6ed0798457e71cf25a14ca00a0f6c746e Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Mon, 25 Oct 2021 10:01:37 +0100 Subject: [PATCH 16/16] Fallback to /etc/os-release if lsb_release is not available --- quickemu | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/quickemu b/quickemu index 6d54037..1d3d0fa 100755 --- a/quickemu +++ b/quickemu @@ -211,7 +211,7 @@ function vm_boot() { local KERNEL_NAME="Unknown" local KERNEL_NODE="" local KERNEL_VER="?" - local LSB_DESCRIPTION="" + local LSB_DESCRIPTION="Unknown OS" local MAC_BOOTLOADER="" local MAC_MISSING="" local MAC_DISK_DEV="ide-hd,bus=ahci.2" @@ -229,6 +229,8 @@ function vm_boot() { if command -v lsb_release &>/dev/null; then LSB_DESCRIPTION=$(lsb_release --description --short) + elif [ -e /etc/os-release ]; then + LSB_DESCRIPTION=$(grep PRETTY_NAME /etc/os-release | cut -d'"' -f2) fi echo "Quickemu ${VERSION} using ${QEMU} v${QEMU_VER_LONG}"