This is already fixed via the patch that MST just sent in his pull. So wait a few days for that to be merged and it'll be all set.
No need for this patch here. Do not merge. On Wed, Feb 1, 2023, 08:57 James Bottomley <j...@linux.ibm.com> wrote: > The origin commit for rng seeding 67f7e426e5 ("hw/i386: pass RNG seed > via setup_data entry") modifies the kernel image file to append a > random seed. Obviously this makes the hash of the kernel file > non-deterministic and so breaks both measured and some signed boots. > The commit notes it's only for non-EFI (because EFI has a different > RNG seeding mechanism) so, since there are no non-EFI q35 systems, this > should be disabled for the whole of the q35 machine type to bring back > deterministic kernel file hashes. > > Obviously this still leaves the legacy bios case broken for at least > measured boot, but I don't think anyone cares about that now. > > Signed-off-by: James Bottomley <j...@linux.ibm.com> > --- > hw/i386/pc_q35.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c > index 83c57c6eb1..11e8dd7ca7 100644 > --- a/hw/i386/pc_q35.c > +++ b/hw/i386/pc_q35.c > @@ -357,6 +357,7 @@ static void pc_q35_machine_options(MachineClass *m) > pcmc->default_nic_model = "e1000e"; > pcmc->pci_root_uid = 0; > pcmc->default_cpu_version = 1; > + pcmc->legacy_no_rng_seed = true; > > m->family = "pc_q35"; > m->desc = "Standard PC (Q35 + ICH9, 2009)"; > @@ -394,9 +395,7 @@ DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL, > > static void pc_q35_7_1_machine_options(MachineClass *m) > { > - PCMachineClass *pcmc = PC_MACHINE_CLASS(m); > pc_q35_7_2_machine_options(m); > - pcmc->legacy_no_rng_seed = true; > compat_props_add(m->compat_props, hw_compat_7_1, > hw_compat_7_1_len); > compat_props_add(m->compat_props, pc_compat_7_1, > pc_compat_7_1_len); > } > -- > 2.35.3 > > >
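Review bot: The added line `pcmc->legacy_no_rng_seed = true;` in the first hunk (pc_q35_machine_options) carries no comment, and a field whose name begins with legacy_ becomes the default for every q35 machine type. The reason is given only in the commit message: the appended seed changes the kernel file hash and breaks measured and some signed boots. Please put a short comment above the assignment saying so. The commit message also concedes that a legacy BIOS case exists, so the comment should state that a non-EFI q35 guest loses the setup_data seed through this line, or the assignment should be made conditional on the boot path instead of on the machine class.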
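Review bot: In the second hunk, dropping `pcmc->legacy_no_rng_seed = true;` from pc_q35_7_1_machine_options leaves 7.1 and the older types that chain through it with the value only by inheritance from the base options set in the first hunk. A versioned compat function normally pins its behaviour explicitly; if the default in pc_q35_machine_options is later flipped back, these older machine types would silently start appending the seed again. I would keep the explicit assignment and the `PCMachineClass *pcmc = PC_MACHINE_CLASS(m);` local here, even though it is redundant today, so the hunk becomes unnecessary.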