
Re: [PATCH v2 1/7] x86/kexec: add digest checks


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Kevin Lampis <kevin.lampis@xxxxxxxxxx>
  • From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
  • Date: Tue, 23 Jun 2026 17:54:48 +0100
  • Cc: roger.pau@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 23 Jun 2026 16:55:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 6/23/26 5:08 PM, Andrew Cooper wrote:
> On 23/06/2026 3:44 pm, Jan Beulich wrote:
>> On 22.06.2026 17:18, Kevin Lampis wrote:
>>> From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
>>>
>>> To support UEFI Secure Boot we must check that the kexec data has not
>>> changed between signature verification and actual execution.
>>> However, this is also a good check to perform generally.
>>>
>>> During kexec load, calculate a digest over all the kexec segments. This
>>> digest is stored and verified again later prior to entering the image.
>>>
>>> For now, only kexec crash images are supported.
>>>
>>> Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
>>> Signed-off-by: Kevin Lampis <kevin.lampis@xxxxxxxxxx>
>> I guess I'm not quite following here. For secure boot purposes, shouldn't
>> the new kernel already come with a digest (or really with a signature),
>> which we could check in both kexec_load() and kexec_crash()? If we check
>> against a digest we calculated ourselves, we'd apply more trust than we
>> should.
>
> There are two problems.
>
> One is plain TOCTOU.  We load the crash kernel at boot, and we jump to
> it in the case that something has fatally-but-not-catastrophically gone
> wrong.  Really, the digest here is an integrity check.
>
> One is that Xen cannot perform the signature check on the passed
> kernel.  At least, not without gaining a full X.509 stack and
> authenticode algorithm, or a PGP implementation or equivalent.
> ExitBootServices() nukes SHIM_LOCK/LOADER protocols so they cannot be
> used later in runtime.


FWIW at one point Shim did have the option to keep the SHIM_LOCK
protocol after ExitBootServices(). We tried to use it but it was buggy
and didn't work and was then removed when the new LOADER protocol came
in.

Ross
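Added illustration of the load-time digest and the pre-entry re-check discussed in the quoted commit message and in Andrew's TOCTOU point (example code, not the patch's or Xen's own; the page does not name the digest algorithm, so SHA-256, the segment fields and the function names are assumptions):

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class KexecSegment:
    """One loaded kexec segment (assumed layout, not Xen's struct)."""
    dest_maddr: int   # machine address the segment is placed at
    buf: bytearray    # segment contents as resident in memory


def _digest_segments(segments):
    # Bind the segment count, each placement address and each length to the
    # contents, so that moving, truncating or reordering a segment changes
    # the digest, not only flipping bytes inside one.
    h = hashlib.sha256()
    h.update(len(segments).to_bytes(4, "little"))
    for seg in segments:
        h.update(seg.dest_maddr.to_bytes(8, "little"))
        h.update(len(seg.buf).to_bytes(8, "little"))
        h.update(seg.buf)
    return h.digest()


def kexec_load(segments):
    """Load time: compute the digest once and store it with the image."""
    return {"segments": segments, "digest": _digest_segments(segments)}


def kexec_crash_ok(image):
    """Just before entering the image: recompute and compare against the
    stored digest (constant-time compare), refusing to jump on mismatch."""
    return hmac.compare_digest(_digest_segments(image["segments"]),
                               image["digest"])


def demo():
    # Constructed sample segments: a fake kernel blob and an initrd.
    segs = [KexecSegment(0x1000000, bytearray(b"\x7fELF" + b"\x00" * 60)),
            KexecSegment(0x2000000, bytearray(b"initrd-data"))]
    image = kexec_load(segs)
    before = kexec_crash_ok(image)          # intact: True
    segs[0].buf[0x20] ^= 0x01               # stray write into the loaded kernel
    after = kexec_crash_ok(image)           # modified since load: False
    return before, after
```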
