[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] SUPPORT.md: explicitly mention EFI (secure) boot status

  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 11 May 2023 15:36:13 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QynTMtKm9yTbukJYheanqMIgEUBj21sLJU4rzZoXO/Q=; b=V9Zm3MUV5Y/3t8h+vmn/bEWfzxDwRjej2l62b12gc2cZvoiC7wB3LMi8WIF0xrqmfAaopbJwaOK0EcZoxGQHqA586erB83pHsgWEvRvpsrSPgES/ZRMEUyicK7Rpcr2nX4zchYCzsB9kyf5uK++MBXY8H10MyzkRvfQV9+WmHFqI8c+1Dek4NZ6EEu79Ghe/rBpKLGrPnH82F8Nj8+wGRKchbqF8t/BZMSYFQWDIQXjHGO10F+sPVpiAVfrrYoC4XZ3r7vpgaWHA5mKDuobGBJpPNbsKHE1ov0CMhmFUQMewFzyme2eG1j5oCMkdk+SVU89jZ1OfyT/iiuGJ7HT2+g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CLLCMzxg6kkd4RPs8Lm9KwTuIU7xQOTZbNK6hANLQuTRrRrrYQMmyUFfoyY7x0srSGlk7QEyselGKZnEEZb8i+bkJIMXHMU9XNkePrdgGNdw+6AAapqiv7Cz9r0OAOcpuGRDqXHd+Yz4yBCuvScQA5dB0UVutI2FucwD+Ui9hANLD8IYajDdx9AwAuok1+oybDu+pe+MELchqXQUjQqvPcopQDImoe1JVotu09J4pGzWxlDGWsxz2OPNDQbJiCVu3Xoab+AhamXX5Qu7hUT2qJaUiD4GZaeH7JSd7TMFNtHxR+GvpAD4bCZKLkLGcGggXOdJi2Y27YwlLEbehX/g+Q==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 11 May 2023 14:36:42 +0000
  • Ironport-data: A9a23:LY40G677GR4bdLo3N1WBagxRtPLGchMFZxGqfqrLsTDasY5as4F+v jQXWGjXOPeCYGOkctx+bIS0pkIO7Z/UzNJhS1Fq+3o3Hi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+7ZwehBtC5gZlPa0S5QeE/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5my /4UazA1cEu/hvOG/Kumd/Uvm5s4BZy+VG8fkikIITDxK98DGcyGaYOaoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6MkEotj9ABM/KMEjCObexTklyVu STt+GPhDwtBHNee1SCE4jSngeqncSbTAdpNSOboqKUz6LGV7lU4UkUxfEGFmviayUG9Vc8PM nMf5SV7+MDe82TuFLERRSaQonSJoxodUNp4CPAh5UeGza+8yxaUAC0IQyBMbPQitdQqXno62 1mRhdTrCDdz9rqPRhq19KqQrD60ETgYKykFfyBsZRAe/9DprYU3jxTOZtVuCqi4ipvyAz6Y6 y+OhDgzgfMUl8Fj6kmg1VXOgjbprJ6ZSAcwvlnTRjj9slw/Y5O5bYu171Sd9exHMIuSUliGu j4DhtSa6+cNS5qKkURhXdkwIV1g3N7dWBW0vLKlN8BJG+iFk5J7Qb1t3Q==
  • Ironport-hdrordr: A9a23:SGlJbqC9lWrxnjnlHeixsseALOsnbusQ8zAXPh9KJCC9I/bzqy nxpp8mPH/P5wr5lktQ4OxoS5PwJk80kqQFnLX5XI3SJjUO3VHFEGgM1/qA/9SNIVyaygcZ79 YaT0EcMqyPMbEZt6bHCWCDer5PoeVvsprY/ds2p00dMj2CAJsQizuRZDzrdHGeCDM2Z6bQQ/ Gnl7Z6TnebCDwqhoPRPAh2Y8Hz4/nw0L72ax8PABAqrCGIkDOT8bb/VzSIwxsEVDtL4LE6tU zIiRbw6KmPu+yyjka07R6e071m3P/ajvdTDs2FjcYYbh3qlwaTfYxkH5GSoTwvp+mryVAy1P 3BuQ0pMchf427YOku1vRzu8Q/91ytG0Q6u9XaoxV/Y5eDpTjMzDMRMwapfbxvi8kIl+PVxyr hC0W61v4deSUqoplW22/H4EzVR0makq3srluAey1RZTIslcbdU6agS5llcHpssFD/zrKonDO 5tJsfB4+s+SyLQU1np+k1UhPC8VHU6GRmLBmAEp8yuyjBT2Et0ykMJrfZv6UsoxdYYcd1p9u 7EOqNnmPVlVckNd59wA+8HXI+eFnHNaQikChPTHX3XUIU8f17doZ/+57s4oMuwfoYT8Zc0kJ PdFHtFqG8JfV70A8Hm5uwLzvn0ehT+Yd3R8LAa23Ag0YeMAIYDcBfzBmzGqvHQ4Mn2WabgKr GO0JE/OY6WEYKhI/cO4+TEYeggFZAvarxlhj8FYSP/nivqEPydigWJSoebGJPdVRAZZ0jYPl wvGBDOGeQo1DHfZpa/ummfZ0/Q
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11/05/2023 3:34 pm, Jan Beulich wrote:
> While normal booting is properly supported on both x86 and Arm64, secure
> boot reportedly requires quite a bit more work to be actually usable
> (and providing the intended guarantees). The mere use of the shim
> protocol for verifying the Dom0 kernel image isn't enough.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.