Re: [Xen-devel] Booting signed xen.efi through shim
On Fri, Sep 22, 2017 at 5:11 PM, Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote:
> On Fri, Sep 22, 2017 at 02:25:46AM -0600, Jan Beulich wrote:
>> >>> On 22.09.17 at 00:46, <tamas@xxxxxxxxxxxxx> wrote:
>> > One piece that I see still missing is the Xen command line parameters
>> > not being verified. It would be ideal to have the option to get that
>> > set during compile time as well, similar to Linux's CONFIG_CMDLINE
>> > option, to avoid for example getting iommu or XSM being turned off by
>> > someone with physical access.
>>
>> We do have CMDLINE and CMDLINE_OVERRIDE. But for someone
>> with physical access it would likely also be possible to avoid secure
>> boot altogether?
>
> Another solution is here:
> http://lists.gnu.org/archive/html/grub-devel/2017-07/msg00003.html
> It is TPM based and WIP. It requires the verifiers framework which should
> be posted on grub-devel soon. Or you can add your own method based
> on verifiers. Patches are welcome...
>
> Have a nice weekend,
>
> Daniel

There is an additional problem with Xen.efi being measured into TPM2 devices through the shim. The shim uses the PE_COFF_IMAGE flag when calling TPM2's HashLogExtendEvent function. At least on my Dell ultrabook this causes the TPM to return an EFI_UNSUPPORTED error, which according to the spec means "If the Flags bitmap has the PE_COFF_IMAGE bit SET but the PE/COFF image is corrupt or not understood the function shall return EFI_UNSUPPORTED". As by default the shim ignores TPM errors (yikes!) and the verification step works, xen can successfully boot afterwards, but AFAICT without a measurement being stored in TPM2. At the moment unfortunately I have no idea why TPM2 has a problem interpreting Xen.efi properly. For now an easy "fix" is to just have the shim call without the PE_COFF_IMAGE flag. If anyone else has a TPM2 device, it might be worthwhile double-checking whether it's just a problem with my specific TPM or if it's a problem with Xen.efi's PE/COFF header.
Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
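The failure mode described in the message above (shim swallows the HashLogExtendEvent error, xen.efi runs with no measurement recorded) is something a post-boot check can catch by replaying the TCG2 event log. The following Python is an added example, not code from the thread, shim or Xen: it parses a simplified crypto-agile event log (SHA-256 digests only, no leading SHA-1 Spec ID event), replays PCR 4, and counts EV_EFI_BOOT_SERVICES_APPLICATION records against the expected shim -> xen.efi chain. The sample logs and digests are constructed placeholders, not real Authenticode hashes.

```python
import hashlib
import struct

EV_EFI_BOOT_SERVICES_APPLICATION = 0x80000003  # TCG PC Client Platform Firmware Profile
TPM_ALG_SHA256 = 0x000B

def build_event2(pcr, event_type, digest, data):
    """Serialise one crypto-agile TCG_PCR_EVENT2 carrying a single SHA-256 digest."""
    return (struct.pack("<III", pcr, event_type, 1)
            + struct.pack("<H", TPM_ALG_SHA256) + digest
            + struct.pack("<I", len(data)) + data)

def parse_event_log(blob):
    """Return [(pcr, event_type, sha256_digest, event_data), ...].
    Simplified: SHA-256-only digest lists and no leading SHA-1 Spec ID event."""
    off, events = 0, []
    while off < len(blob):
        pcr, etype, count = struct.unpack_from("<III", blob, off)
        off, digest = off + 12, None
        for _ in range(count):
            (alg,) = struct.unpack_from("<H", blob, off)
            if alg != TPM_ALG_SHA256:
                raise ValueError("unsupported digest algorithm 0x%04x" % alg)
            digest, off = blob[off + 2:off + 34], off + 34
        (size,) = struct.unpack_from("<I", blob, off)
        events.append((pcr, etype, digest, blob[off + 4:off + 4 + size]))
        off += 4 + size
    return events

def replay_pcr(events, pcr):
    """Recompute a PCR from the log: PCR = SHA-256(PCR || digest) for each event."""
    value = bytes(32)
    for p, _, digest, _ in events:
        if p == pcr:
            value = hashlib.sha256(value + digest).digest()
    return value

def missing_boot_measurements(events, expected_stages, pcr=4):
    """Number of boot stages that ran with no EV_EFI_BOOT_SERVICES_APPLICATION
    record on PCR 4, e.g. because shim swallowed a HashLogExtendEvent error."""
    measured = sum(1 for p, t, _, _ in events
                   if p == pcr and t == EV_EFI_BOOT_SERVICES_APPLICATION)
    return expected_stages - measured

# Constructed logs (placeholder digests): a full shim -> xen.efi chain and one missing xen.efi.
SHIM_DIGEST = hashlib.sha256(b"shim.efi (constructed)").digest()
XEN_DIGEST = hashlib.sha256(b"xen.efi (constructed)").digest()
GOOD_LOG = (build_event2(4, EV_EFI_BOOT_SERVICES_APPLICATION, SHIM_DIGEST, b"shim")
            + build_event2(4, EV_EFI_BOOT_SERVICES_APPLICATION, XEN_DIGEST, b"xen"))
BAD_LOG = build_event2(4, EV_EFI_BOOT_SERVICES_APPLICATION, SHIM_DIGEST, b"shim")
```

On a real system the replayed PCR 4 value should also be compared against the value read from the TPM, since a log with a missing record will not reproduce the PCR the firmware actually extended.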