OvmfPkg/X86QemuLoadImageLib: make legacy loader configurable.

Add the 'opt/org.tianocore/EnableLegacyLoader' FwCfg option to
enable/disable the insecure legacy linux kernel loader.

For now this is enabled by default.  Probably the default will be
flipped to disabled at some point in the future.

Also print a warning to the screen in case the linux kernel secure
boot verification has failed.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c

@@ -19,8 +19,10 @@
 #include <Library/MemoryAllocationLib.h>
 #include <Library/PrintLib.h>
 #include <Library/QemuFwCfgLib.h>
+#include <Library/QemuFwCfgSimpleParserLib.h>
 #include <Library/QemuLoadImageLib.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
 #include <Protocol/DevicePath.h>
 #include <Protocol/LoadedImage.h>
 #include <Protocol/OvmfLoadedX86LinuxKernel.h>
@@ -421,13 +423,45 @@ QemuLoadKernelImage (
     // Fall through
     //
     case EFI_ACCESS_DENIED:
-    //
+      //
-    // We are running with UEFI secure boot enabled, and the image failed to
+      // We are running with UEFI secure boot enabled, and the image failed to
-    // authenticate. For compatibility reasons, we fall back to the legacy
+      // authenticate. For compatibility reasons, we fall back to the legacy
-    // loader in this case.
+      // loader in this case (unless disabled via fw_cfg).
-    //
+      //
-    // Fall through
+    {
-    //
+      EFI_STATUS  RetStatus;
+      BOOLEAN     Enabled = TRUE;
+
+      AsciiPrint (
+        "OVMF: Secure boot image verification failed.  Consider using the '-shim'\n"
+        "OVMF: command line switch for qemu (available in version 10.0 + newer).\n"
+        "\n"
+        );
+
+      RetStatus = QemuFwCfgParseBool (
+                    "opt/org.tianocore/EnableLegacyLoader",
+                    &Enabled
+                    );
+      if (EFI_ERROR (RetStatus)) {
+        Enabled = TRUE;
+      }
+
+      if (!Enabled) {
+        AsciiPrint (
+          "OVMF: Fallback to insecure legacy linux kernel loader is disabled.\n"
+          "\n"
+          );
+        return EFI_ACCESS_DENIED;
+      } else {
+        AsciiPrint (
+          "OVMF: Using legacy linux kernel loader (insecure and deprecated).\n"
+          "\n"
+          );
+        //
+        // Fall through
+        //
+      }
+    }
     case EFI_UNSUPPORTED:
       //
       // The image is not natively supported or cross-type supported. Let's try

OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf

@@ -33,6 +33,7 @@
   LoadLinuxLib
   PrintLib
   QemuFwCfgLib
+  QemuFwCfgSimpleParserLib
   ReportStatusCodeLib
   UefiBootServicesTableLib