Unverified Commit 4bee6de2 authored by Kroese's avatar Kroese Committed by GitHub

feat: Disable S3 and S4 mode for Windows guests (#479)

parent 2a8cd473
+1 −3
@@ -6,9 +6,7 @@ body:
  - type: markdown
    attributes:
      value: |
        Have a general question about QEMU for Docker?
        Please do not use this form for technical issues.
        And make sure to check the [FAQ](https://github.com/qemus/qemu-docker/blob/master/readme.md) first!
        Please do not use this form for technical issues, and make sure to check the [FAQ](https://github.com/qemus/qemu-docker/blob/master/readme.md) first!
  - type: textarea
    id: question
    attributes:
+6 −4
@@ -11,7 +11,7 @@ SECURE=",smm=off"

case "${BOOT_MODE,,}" in
  uefi)
    BOOT_DESC=" (UEFI)"
    BOOT_DESC=" with UEFI"
    ROM="OVMF_CODE_4M.fd"
    VARS="OVMF_VARS_4M.fd"
    ;;
@@ -24,6 +24,7 @@ case "${BOOT_MODE,,}" in
  windows | windows_plain)
    ROM="OVMF_CODE_4M.fd"
    VARS="OVMF_VARS_4M.fd"
    BOOT_OPTS="-global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1"
    ;;
  windows_secure)
    TPM="Y"
@@ -31,10 +32,12 @@ case "${BOOT_MODE,,}" in
    BOOT_DESC=" securely"
    ROM="OVMF_CODE_4M.ms.fd"
    VARS="OVMF_VARS_4M.ms.fd"
    BOOT_OPTS="-global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1"
    ;;
  windows_legacy)
    BOOT_DESC=" (legacy)"
    USB="usb-ehci,id=ehci"
    BOOT_OPTS="-global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1"
    ;;
  legacy)
    BOOT_OPTS=""
@@ -62,7 +65,6 @@ if [[ "${BOOT_MODE,,}" != "legacy" ]] && [[ "${BOOT_MODE,,}" != "windows_legacy"

  if [[ "${BOOT_MODE,,}" == "secure" ]] || [[ "${BOOT_MODE,,}" == "windows_secure" ]]; then
    BOOT_OPTS="$BOOT_OPTS -global driver=cfi.pflash01,property=secure,value=on"
    [[ "${BOOT_MODE,,}" == "windows_secure" ]] && BOOT_OPTS="$BOOT_OPTS -global ICH9-LPC.disable_s3=1"
  fi

  BOOT_OPTS="$BOOT_OPTS -drive file=$DEST.rom,if=pflash,unit=0,format=raw,readonly=on"
@@ -86,7 +88,7 @@ if [[ "$TPM" == [Yy1]* ]]; then
    [ -S "/run/swtpm-sock" ] && break

    if (( i % 10 == 0 )); then
      echo "Waiting for TPM socket to become available..."
      echo "Waiting for TPM emulator to become available..."
    fi

    sleep 0.1
@@ -94,7 +96,7 @@ if [[ "$TPM" == [Yy1]* ]]; then
  done

  if [ ! -S "/run/swtpm-sock" ]; then
    error "TPM socket not found? Disabling TPM support..."
    error "TPM socket not found? Disabling TPM module..."
  else
    BOOT_OPTS="$BOOT_OPTS -chardev socket,id=chrtpm,path=/run/swtpm-sock"
    BOOT_OPTS="$BOOT_OPTS -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
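Review bot: The `if [ ! -S "/run/swtpm-sock" ]` branch only logs `TPM socket not found? Disabling TPM module...` and then appears to carry on without the `-tpmdev`/`-device tpm-tis` options, so a `windows_secure` guest (whose case arm sets `TPM="Y"`) can start without the TPM it was configured for; this commit only rewords the message. If secure mode is meant to guarantee a TPM, that branch should stop rather than downgrade, for example by testing `[[ "${BOOT_MODE,,}" == "windows_secure" ]]` there and exiting with the project's usual error status after the `error` call. If the fallback is deliberate, a comment saying so, and noting that TPM-backed state in the guest may then be unavailable, would make the fail-open choice explicit. The enclosing `if [[ "$TPM" == [Yy1]* ]]` block starts and ends outside the hunk.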
+2 −2
@@ -12,9 +12,9 @@ RAM_OPTS=$(echo "-m $RAM_SIZE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
CPU_OPTS="-cpu $CPU_FLAGS -smp $CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1"
MON_OPTS="-monitor $MONITOR -name $PROCESS,process=$PROCESS,debug-threads=on"
MAC_OPTS="-machine type=${MACHINE}${SECURE},graphics=off,vmport=off,dump-guest-core=off,hpet=off${KVM_OPTS}"
DEV_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
DEV_OPTS="$DEV_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
DEV_OPTS="-object rng-random,id=objrng0,filename=/dev/urandom"
DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"
[[ "${BOOT_MODE,,}" != "windows"* ]] && DEV_OPTS="$DEV_OPTS -device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"

ARGS="$DEF_OPTS $CPU_OPTS $RAM_OPTS $MAC_OPTS $DISPLAY_OPTS $MON_OPTS $SERIAL_OPTS $USB_OPTS $NET_OPTS $DISK_OPTS $BOOT_OPTS $DEV_OPTS $ARGUMENTS"
ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ')
+2 −0
@@ -63,6 +63,8 @@ if [[ "$KVM" != [Nn]* ]]; then
        HV_FEATURES="$HV_FEATURES,-hv-avic"
      fi

      HV_FEATURES="$HV_FEATURES,-hv-evmcs"

    else

      # Intel processor
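Review bot: The added `HV_FEATURES="$HV_FEATURES,-hv-evmcs"` carries no comment explaining why the enlightenment is subtracted only in the branch that precedes `else` / `# Intel processor`. QEMU documents hv-evmcs (Enlightened VMCS) as an Intel-only feature, so a one-line comment such as `# Enlightened VMCS is Intel/VMX-only, drop it on other CPUs` would keep a later cleanup from removing the line or copying it into the Intel branch. The surrounding `if`/`else` starts and ends outside the hunk, so the exact condition guarding this branch is not visible here.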