Received: by 10.213.65.68 with SMTP id h4csp3665480imn; Tue, 3 Apr 2018 08:46:22 -0700 (PDT) X-Google-Smtp-Source: AIpwx49eNfxFDmbbClTgP7tGuHS29/lvIyOsMymmdMwDxy0/9YLXP/fb2KvQLsd8j8TJd20hkZUQ X-Received: by 10.99.0.2 with SMTP id 2mr9282579pga.395.1522770382789; Tue, 03 Apr 2018 08:46:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522770382; cv=none; d=google.com; s=arc-20160816; b=M6yTBtZLcEk9R6FL3nSdjQQGDZywJ2e2SIUFIjYtvo43qtbWP4GLgrME+MonzpSiPr +pdrPsJw3jOT8qG5SI7VFDbFSLFAxDc2uzAeTpXeWU6BeI2Qym7mTkdJzDRcyZ/izECD htgQJctYS3dYWBR5fVc1tVxZesQt6uabOCAHHtxzSQfNRxRJ9T1R/XT7tAJeem+u/GcD 53XZbsccjpcSUc7/wVZcCPQ0Y/D+wnIRdYi25kqlOFbwtukP8GV1RkzobRsLwb8V/mXR X+zq2FvhlakyhW7yOX7oYcOpWWV8bhRwHysZnNSMJbKYYGeI4jr3+zRLv0AGf/kZbLER ILuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature:arc-authentication-results; bh=n1ZY6w4+olIw+WBUEoAZ/RPJxAg+bcTsSBsDrWPfPqY=; b=rnvMmD4x+Jw/3omI5f3U/jkFKCUu6jXZ5pduxLrbK3i3ho2ITm2pY5r2oSh5sxQzv0 XaXFHGzZR4MaVrLPZy6stcH1mqa2wSI6StBYZupd5Z3WTtXJHyDZ0M+YuvxGt/uyF16n mZbEbKRQW4uPQX7xwfABGD5DZDISD3VOr19Cd6O3GAIHGAhg8j8sGyo5uoeC6T7KPJwC 9m9DQOf2nmXmWFnvY+1tEvOBQZApILyYHfkYPfqAi9rp/MR/olfnIxiED1ycIa2bz3YL x+X5CIIZuqPfDvAzuTCkV2Vjswtngh5HUPpFu3nioe1aaPjcwo6AJtUOg1ytu22fOcqK sW1A== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=Cmt69ri2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a92-v6si3170666pla.107.2018.04.03.08.46.08; Tue, 03 Apr 2018 08:46:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=Cmt69ri2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752197AbeDCPop (ORCPT + 99 others); Tue, 3 Apr 2018 11:44:45 -0400 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:60800 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751773AbeDCPon (ORCPT ); Tue, 3 Apr 2018 11:44:43 -0400 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 1823F8EE27F; Tue, 3 Apr 2018 08:44:43 -0700 (PDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id drJr9p3MX6mo; Tue, 3 Apr 2018 08:44:42 -0700 (PDT) Received: from [153.66.254.194] (unknown [50.35.65.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 460818EE0DF; Tue, 3 Apr 2018 08:44:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1522770282; bh=TniWolf7WrrMRbO/MRiTi24W8Ai3Lb+ymE/Et+S/H/Q=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=Cmt69ri2fiIla1l1faNEFtc7el+SaRM7BTHHdAaP5DzSxvyNwYxIOMRsF/tsu6BzF NDbnOQ63/H+grrxOn79iOy7bU7KHyuYVI5u2yyB1tKChx1Sm0I4THIM2eXYUUxr72b uG0zqnOAl9ljg6qWeZTfso1ZIrxcSiNtBIW6lAq0= Message-ID: <1522770281.4522.14.camel@HansenPartnership.com> Subject: Re: [PATCH v2] x86/xen/efi: Initialize UEFI secure boot state during dom0 boot From: James Bottomley To: Daniel Kiper , linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, xen-devel@lists.xenproject.org Cc: ard.biesheuvel@linaro.org, boris.ostrovsky@oracle.com, eric.snowberg@oracle.com, hpa@zytor.com, jgross@suse.com, konrad.wilk@oracle.com, mingo@redhat.com, tglx@linutronix.de Date: Tue, 03 Apr 2018 08:44:41 -0700 In-Reply-To: <1522766345-4169-1-git-send-email-daniel.kiper@oracle.com> References: <1522766345-4169-1-git-send-email-daniel.kiper@oracle.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2018-04-03 at 16:39 +0200, Daniel Kiper wrote: > Initialize UEFI secure boot state during dom0 boot. Otherwise the > kernel > may not even know that it runs on secure boot enabled platform. > > Signed-off-by: Daniel Kiper > --- >  arch/x86/xen/efi.c                        |   57 > +++++++++++++++++++++++++++++ >  drivers/firmware/efi/libstub/secureboot.c |    3 ++ >  2 files changed, 60 insertions(+) > > diff --git a/arch/x86/xen/efi.c b/arch/x86/xen/efi.c > index a18703b..1804b27 100644 > --- a/arch/x86/xen/efi.c > +++ b/arch/x86/xen/efi.c > @@ -115,6 +115,61 @@ static efi_system_table_t __init > *xen_efi_probe(void) >   return &efi_systab_xen; >  } >   > +/* > + * Determine whether we're in secure boot mode. > + * > + * Please keep the logic in sync with > + * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot(). > + */ > +static enum efi_secureboot_mode xen_efi_get_secureboot(void) > +{ > + static efi_guid_t efi_variable_guid = > EFI_GLOBAL_VARIABLE_GUID; > + static efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID; > + efi_status_t status; > + u8 moksbstate, secboot, setupmode; > + unsigned long size; > + > + size = sizeof(secboot); > + status = efi.get_variable(L"SecureBoot", &efi_variable_guid, > +   NULL, &size, &secboot); > + > + if (status == EFI_NOT_FOUND) > + return efi_secureboot_mode_disabled; > + > + if (status != EFI_SUCCESS) > + goto out_efi_err; > + > + size = sizeof(setupmode); > + status = efi.get_variable(L"SetupMode", &efi_variable_guid, > +   NULL, &size, &setupmode); > + > + if (status != EFI_SUCCESS) > + goto out_efi_err; > + > + if (secboot == 0 || setupmode == 1) > + return efi_secureboot_mode_disabled; > + > + /* See if a user has put the shim into insecure mode. */ > + size = sizeof(moksbstate); > + status = efi.get_variable(L"MokSBStateRT", &shim_guid, > +   NULL, &size, &moksbstate); > + > + /* If it fails, we don't care why. Default to secure. */ > + if (status != EFI_SUCCESS) > + goto secure_boot_enabled; > + > + if (moksbstate == 1) > + return efi_secureboot_mode_disabled; > + > + secure_boot_enabled: > + pr_info("UEFI Secure Boot is enabled.\n"); > + return efi_secureboot_mode_enabled; > + > + out_efi_err: > + pr_err("Could not determine UEFI Secure Boot status.\n"); > + return efi_secureboot_mode_unknown; > +} > + This looks like a bad idea: you're duplicating the secure boot check in drivers/firmware/efi/libstub/secureboot.c Which is an implementation of policy.  If we have to have policy in the kernel, it should really only be in one place to prevent drift; why can't you simply use the libstub efi_get_secureboot() so we're not duplicating the implementation of policy? James