[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Working Group for Secure Boot

  • To: Bob Eshleman <bobbyeshleman@xxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Sat, 13 Mar 2021 09:38:25 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3dFlE965mmiTezsqVvDlA64nAs1eIQ7UUCYtINJGmHw=; b=ACLCiI20GRcM/oXrHYd+TNHMERBaaMxEOPv9nED513+4k3rOfPWMwDB9IWjOYvGK2yjd//xjgRHABLF4ynFrUfbrzn1S3TREFf7RjJBiM5h3aM+yZxxyjthdVyts3aKzPeSjp/nf9RvEcfNJdIvqYzFLOIYtLVn9hDfjhKdO8b/P1iFlHI3nI12hvHvqmHa8KJMSNdpm/FR+V6WsgOcvyPGlzfLyRb9tszgcaAQC7ULDmKJSmt6tmPwZuLlEJ/IAs51VE87oywtsBUpjWdSMfSdIzjGYpFEZ8ec9HmMhyYElojZOtmkXRRXhehvOT5drCXciGcgPnDPVZ8+yx2jsbQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S6XlINfyCLi87pbG2uMtyAL491iZymEHnd3TGp+912k8BeZ3QfK2crYiextgXaaLHjDJS4JfmK0dfUAmlAcTAkuIExhFrhsRyEzWlECcxfknbXaNZanu0LjBn4Rt7aZjTreOgjecN0NARcocgzgZvZErpihCCLM5of+5VA9gC35YZehTA4h9Btu0/NOvwTei2a2IpuVPBeELnyhe3xUoubIVAU/XP3Kij67r09NYujGJ/uG8tIqcRoUm1R7XdaNbVG/zo8+Zjye92ftiUfiABSIjoYJ+Px0zmnfICkO97k7jmePRicF/p8Unp03JqKXk/UkPXqscBz+IVQ9eJgZE2A==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, <piotr.krol@xxxxxxxxx>, Olivier Lambert <olivier.lambert@xxxxxxxx>
  • Delivery-date: Sat, 13 Mar 2021 08:39:02 +0000
  • Ironport-hdrordr: A9a23:44l+RatsCcAHRj6MrqGXLkq37skDidV00zAX/kB9WHVpW+afkN 2jm+le6A/shF8qNE0ItPKhHO27QX3a/YNo+oV5B9yfdSTvpWfAFu5fxKT4xTmIIUPD38pQz7 1pfaQ7KPCYNykYse/f4A21V+kt28OG9qfAv4bj5kxgRw1rdK1shj0RYmz3LmRNWAJECZAlfa DshPZvmjzIQxQqR/X+Kn4ZX/XS4/3n/aiWBSIuNlocxk2jrR7A0s+eLySl
  • Ironport-sdr: 7L5Qxwlrr1k5vG7vLmNHHQlKz+KMSYJZyEGO1sl/rqyXenr/8w3pgADdmOBlBaYJP1QavJ4xYY g2Wb4/wplJpnh6rJWrJcHr/vfrhJxkTHf9bPgP2XHAmL8dm5AXhA9+cxuAQ91ThaLo8c6KUdMx cMnjpuPeX9efn8sAdGOmlsUD2Ap3JsZPoNwSwPa7f3VB70bhwT+0fHM9Ark7jgLWEBG9S/B1b4 brhi5hT+xqn8B8MJDgdq4JbbC51gwRinSwFfvLdgQm+O8ikwxxsnn5lVRPWst/7WrreUiHfW8v Cws=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Mar 11, 2021 at 10:34:02AM -0800, Bob Eshleman wrote:
> Hey all,
> 
> We would like to start a working group for secure boot support in Xen
> to coordinate the various interested parties and set out a plan for
> the feature and its implications for the whole Xen system.
> 
> The end goal is a full implementation that restricts the interfaces
> dom0 has to affect Xen, akin to Linux's lockdown LSM.  This implicates
> important parts of the ABI (e.g., /dev/xen/privcmd/) and so will
> require input from the greater community.
> 
> I'm not familiar with how working groups function in the Xen project,
> so this email also opens the floor for suggestions as to how this might
> be managed.
> 
> We'd love to hear from anyone interested in such a group and how the
> community as a whole feels about such an effort.

Please add me, if nothing else I need to at least to figure out if
this could also be used for secure boot on FreeBSD.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.