Date: Wed, 11 Apr 2018 10:56:20 +0200
From: Daniel Kiper
To: james.bottomley@hansenpartnership.com, ard.biesheuvel@linaro.org
Cc: linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, xen-devel@lists.xenproject.org, boris.ostrovsky@oracle.com, eric.snowberg@oracle.com, hpa@zytor.com, jgross@suse.com, konrad.wilk@oracle.com, mingo@redhat.com, tglx@linutronix.de
Subject: Re: [PATCH v2] x86/xen/efi: Initialize UEFI secure boot state during dom0 boot
Message-ID: <20180411085620.GI26100@olila.local.net-space.pl>
In-Reply-To: <20180404103824.GM26100@olila.local.net-space.pl>

On Wed, Apr 04, 2018 at 12:38:24PM +0200, Daniel Kiper wrote:
> On Tue, Apr 03, 2018 at 10:00:52AM -0700, James Bottomley wrote:
> > On Tue, 2018-04-03 at 18:07 +0200, Daniel Kiper wrote:
> > > On Tue, Apr 03, 2018 at 08:44:41AM -0700, James Bottomley wrote:
> > [...]
>
> > > > This looks like a bad idea: you're duplicating the secure boot
> > > > check in
> > > >
> > > > drivers/firmware/efi/libstub/secureboot.c
> > > >
> > > > Which is an implementation of policy.  If we have to have policy in
> > > > the kernel, it should really only be in one place to prevent drift;
> > > > why can't you simply use the libstub efi_get_secureboot() so we're
> > > > not duplicating the implementation of policy?
> > >
> > > Well, here is the first version of this patch:
> > > https://lkml.org/lkml/2018/1/9/496 Ard did not like it. I was not
> > > happy too. In general both approaches are not perfect. More you can
> > > find in the discussion around this patchset. If you have better idea
> > > how to do that I am happy to implement it.
> >
> > One way might be simply to have the pre exit-boot-services code lay
> > down a variable containing the state which you pick up, rather than you
>
> Do you mean variable in kernel proper or something like that? If yes this
> is not possible. EFI Linux stub is not executed in Xen dom0. All UEFI
> infrastructure is owned and operated by Xen. Dom0 kernel can access some
> stuff in UEFI, including variables, via hypercall. However, when dom0
> runs only UEFI runtime services are available.
>
> > calling efi code separately and trying to use the insecure RT
>
> I am not sure why they are insecure.
>
> > variables.  That way there's a uniform view of the internal kernel
> > secure boot state that everyone can use.
>
> That would be perfect but I have a feeling that in form proposed above
> it is not possible.

Ping?

Daniel