Re: [PATCH v4 4/4] efi: Do not use command line if secure boot is enabled.
On 17.09.2020 16:05, Trammell Hudson wrote:
> On Thursday, September 17, 2020 8:51 AM, Jan Beulich <jbeulich@xxxxxxxx> 
> wrote:
>> On 14.09.2020 13:50, Trammell Hudson wrote:
>>> If secure boot is enabled, the Xen command line arguments are ignored.
>>> If a unified Xen image is used, then the bundled configuration, dom0
>>> kernel, and initrd are preferred over the ones listed in the config file.
>>> Unlike the shim based verification, the PE signature on a unified image
>>> covers all of the Xen+config+kernel+initrd modules linked into the
>>> unified image. This also ensures that properly configured platforms
>>> will measure the entire runtime into the TPM for unsealing secrets or
>>> remote attestation.
>>
>> The command line may also include a part handed on to the Dom0 kernel.
>> If the Dom0 kernel image comes from disk, I don't see why that part of
>> the command line shouldn't be honored. Similarly, if the config file
>> doesn't come from the unified image, I think Xen's command line options
>> should also be honored.
> 
> Ignoring the command line and breaking the shim behaviour in a
> unified image should be ok; that is an explicit decision by the
> system owner to sign and configure the new image (and the shim
> is not used in a unified image anyway).
> 
> If we have a way to detect a unified image early enough, then
> we can avoid the backwards incompatibility if it is not unified.

I was assuming this was easily possible, if necessary as about the
first thing we do. If it's not as easy, perhaps something wants
adding to make it so?

> That would require moving the config parsing to above the relocation
> call.

I guess I don't understand why this would be.

Jan