summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorPeter Maydell2022-02-23 10:25:05 +0100
committerPeter Maydell2022-02-23 10:25:05 +0100
commit4aa2e497a98bafe962e72997f67a369e4b52d9c1 (patch)
treea688eb9c357022c35eab15ad1dc155b413d581e8 /docs
parentMerge remote-tracking branch 'remotes/lvivier-gitlab/tags/trivial-branch-for-... (diff)
parentdocs: expand firmware descriptor to allow flash without NVRAM (diff)
downloadqemu-4aa2e497a98bafe962e72997f67a369e4b52d9c1.tar.gz
qemu-4aa2e497a98bafe962e72997f67a369e4b52d9c1.tar.xz
qemu-4aa2e497a98bafe962e72997f67a369e4b52d9c1.zip
Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-next-pull-request' into staging
This misc series of changes: - Improves documentation of SSH fingerprint checking - Fixes SHA256 fingerprints with non-blockdev usage - Blocks the clone3, setns, unshare & execveat syscalls with seccomp - Blocks process spawning via clone syscall, but allows threads, with seccomp - Takes over seccomp maintainer role - Expands firmware descriptor spec to allow flash without NVRAM # gpg: Signature made Thu 17 Feb 2022 11:57:13 GMT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/misc-next-pull-request: docs: expand firmware descriptor to allow flash without NVRAM MAINTAINERS: take over seccomp from Eduardo Otubo seccomp: block setns, unshare and execveat syscalls seccomp: block use of clone3 syscall seccomp: fix blocking of process spawning seccomp: add unit test for seccomp filtering seccomp: allow action to be customized per syscall block: print the server key type and fingerprint on failure block: support sha256 fingerprint with pre-blockdev options block: better document SSH host key fingerprint checking Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'docs')
-rw-r--r--docs/interop/firmware.json54
-rw-r--r--docs/system/qemu-block-drivers.rst.inc30
2 files changed, 72 insertions, 12 deletions
diff --git a/docs/interop/firmware.json b/docs/interop/firmware.json
index 8d8b0be030..4e049b1c7c 100644
--- a/docs/interop/firmware.json
+++ b/docs/interop/firmware.json
@@ -210,24 +210,61 @@
'data' : { 'filename' : 'str',
'format' : 'BlockdevDriver' } }
+
+##
+# @FirmwareFlashType:
+#
+# Describes how the firmware build handles code versus variable
+# persistence.
+#
+# @split: the executable file contains code while the NVRAM
+# template provides variable storage. The executable
+# must be configured read-only and can be shared between
+# multiple guests. The NVRAM template must be cloned
+# for each new guest and configured read-write.
+#
+# @combined: the executable file contains both code and
+# variable storage. The executable must be cloned
+# for each new guest and configured read-write.
+# No NVRAM template will be specified.
+#
+# @stateless: the executable file contains code and variable
+# storage is not persisted. The executable must
+# be configured read-only and can be shared
+# between multiple guests. No NVRAM template
+# will be specified.
+#
+# Since: 7.0.0
+##
+{ 'enum': 'FirmwareFlashMode',
+ 'data': [ 'split', 'combined', 'stateless' ] }
+
##
# @FirmwareMappingFlash:
#
# Describes loading and mapping properties for the firmware executable
# and its accompanying NVRAM file, when @FirmwareDevice is @flash.
#
-# @executable: Identifies the firmware executable. The firmware
-# executable may be shared by multiple virtual machine
-# definitions. The preferred corresponding QEMU command
-# line options are
+# @mode: Describes how the firmware build handles code versus variable
+# storage. If not present, it must be treated as if it was
+# configured with value ``split``. Since: 7.0.0
+#
+# @executable: Identifies the firmware executable. The @mode
+# indicates whether there will be an associated
+# NVRAM template present. The preferred
+# corresponding QEMU command line options are
# -drive if=none,id=pflash0,readonly=on,file=@executable.@filename,format=@executable.@format
# -machine pflash0=pflash0
-# or equivalent -blockdev instead of -drive.
+# or equivalent -blockdev instead of -drive. When
+# @mode is ``combined`` the executable must be
+# cloned before use and configured with readonly=off.
# With QEMU versions older than 4.0, you have to use
# -drive if=pflash,unit=0,readonly=on,file=@executable.@filename,format=@executable.@format
#
# @nvram-template: Identifies the NVRAM template compatible with
-# @executable. Management software instantiates an
+# @executable, when @mode is set to ``split``,
+# otherwise it should not be present.
+# Management software instantiates an
# individual copy -- a specific NVRAM file -- from
# @nvram-template.@filename for each new virtual
# machine definition created. @nvram-template.@filename
@@ -246,8 +283,9 @@
# Since: 3.0
##
{ 'struct' : 'FirmwareMappingFlash',
- 'data' : { 'executable' : 'FirmwareFlashFile',
- 'nvram-template' : 'FirmwareFlashFile' } }
+ 'data' : { '*mode': 'FirmwareFlashMode',
+ 'executable' : 'FirmwareFlashFile',
+ '*nvram-template' : 'FirmwareFlashFile' } }
##
# @FirmwareMappingKernel:
diff --git a/docs/system/qemu-block-drivers.rst.inc b/docs/system/qemu-block-drivers.rst.inc
index e313784426..dfe5d2293d 100644
--- a/docs/system/qemu-block-drivers.rst.inc
+++ b/docs/system/qemu-block-drivers.rst.inc
@@ -778,10 +778,32 @@ The optional *HOST_KEY_CHECK* parameter controls how the remote
host's key is checked. The default is ``yes`` which means to use
the local ``.ssh/known_hosts`` file. Setting this to ``no``
turns off known-hosts checking. Or you can check that the host key
-matches a specific fingerprint:
-``host_key_check=md5:78:45:8e:14:57:4f:d5:45:83:0a:0e:f3:49:82:c9:c8``
-(``sha1:`` can also be used as a prefix, but note that OpenSSH
-tools only use MD5 to print fingerprints).
+matches a specific fingerprint. The fingerprint can be provided in
+``md5``, ``sha1``, or ``sha256`` format, however, it is strongly
+recommended to only use ``sha256``, since the other options are
+considered insecure by modern standards. The fingerprint value
+must be given as a hex encoded string::
+
+ host_key_check=sha256:04ce2ae89ff4295a6b9c4111640bdcb3297858ee55cb434d9dd88796e93aa795
+
+The key string may optionally contain ":" separators between
+each pair of hex digits.
+
+The ``$HOME/.ssh/known_hosts`` file contains the base64 encoded
+host keys. These can be converted into the format needed for
+QEMU using a command such as::
+
+ $ for key in `grep 10.33.8.112 known_hosts | awk '{print $3}'`
+ do
+ echo $key | base64 -d | sha256sum
+ done
+ 6c3aa525beda9dc83eadfbd7e5ba7d976ecb59575d1633c87cd06ed2ed6e366f -
+ 12214fd9ea5b408086f98ecccd9958609bd9ac7c0ea316734006bc7818b45dc8 -
+ d36420137bcbd101209ef70c3b15dc07362fbe0fa53c5b135eba6e6afa82f0ce -
+
+Note that there can be multiple keys present per host, each with
+different key ciphers. Care is needed to pick the key fingerprint
+that matches the cipher QEMU will negotiate with the remote server.
Currently authentication must be done using ssh-agent. Other
authentication methods may be supported in future.