Received: by 10.192.165.156 with SMTP id m28csp403643imm; Mon, 16 Apr 2018 02:07:25 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/5O2Zy39dHlqHbMfSy6VtYizRb4tP4AqSt2Hbh4qD64hqK9yt7fAzLQNGlma9KQldhYfWf X-Received: by 10.99.111.2 with SMTP id k2mr3900598pgc.445.1523869645634; Mon, 16 Apr 2018 02:07:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523869645; cv=none; d=google.com; s=arc-20160816; b=Z4TSe/eWulxAJF/SDaEu/W6jqnujJ2ltU8ILrLQasN1juJntw26Vk1eEN2xoxlMaAw Z2upORlzXbnF7LyoVmohlRpvMEfs1O8iewlm2U619SmWwKaHekKi/VxdyNiygVaIRFpH +tt4bS9yN/pdIaVN90jF9G3nBsQQDRcfNVFnN0EvN29ZjJytpu4/pO1t3+ZnY3xjWKnw o6gNYRCojKT/bfA2jROVTPGB0EtIaLZQSz+u6v2k47eNVfkVi/hAFOSByvpTyZsV5mLw I5dzVqAXuFknJToD0quJrO2tbp9m15voIduKXXX2CkAxlRiZzrugutxsufKhcP6rZlEH te4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=oes8lXA5na4FBqTMfaW5nhk6b4t5dJt31cKYDxzJigo=; b=WU5p5bPjC6C9iR/spcjkH6xwqeh0xU6njmsrRpXUhw8/dSLuR3O7h3MPMKsS9LUd2u Wj2hW169op/NRmJ2m5+xis9aXI6K6KJAMZa0tfScyz9OAQ2XJ0ZxOf7qxl0t3ogrSEuv GJYNetiw61MFOR4y8QbcU9TSnup9389jz6xLwQULTrcjdi7ziwZD9e2lTepmAATq5SLy GpgzTvqRi6anAIJa42JZGg1KtHpPNrANiuLNW7oSsy63gWSbmQIuRmooLOZk8CBnVZ/z 4bvCa2MoH05n+UkjTlxh4ZAwFAIGspPCVWkk3fgqm3tG4AnOUXiSJOnbaq9Kq/Ny4hdb 4MWQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=mvdckAgB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g11-v6si3652582plt.284.2018.04.16.02.07.09; Mon, 16 Apr 2018 02:07:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=mvdckAgB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754307AbeDPJFm (ORCPT + 99 others); Mon, 16 Apr 2018 05:05:42 -0400 Received: from aserp2120.oracle.com ([141.146.126.78]:56478 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754291AbeDPJFk (ORCPT ); Mon, 16 Apr 2018 05:05:40 -0400 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w3G91gnv107468; Mon, 16 Apr 2018 09:05:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=corp-2017-10-26; bh=oes8lXA5na4FBqTMfaW5nhk6b4t5dJt31cKYDxzJigo=; b=mvdckAgBKcRFBhi7jP0W6poBcVVKWfSLdqre7ueVbxVd+aozinzRZIpN6xTFjx3GFV9C cxK+WB6JSR5B0PkkPiLL1l85rtWj0+pGQjjsZ0BtDWnJslTiR25ACrfq0eMjc4xPbEra AHNsjUQ6zRHojBIGXYWXB+WVlhNzfKkg4QqEiFFug+tQBB1JSm7C5KHLU/AaxK2uXQdH LEco47ZNFq7iq72ce4D4CorHtH2CNZq9f6e7kfylwadPAcWFOUEkxJjbLsCQlrlHDiH/ Pw7QlqGyjs1X7/+SzAkkmYuQNAq/YFEnVpo/Yo0RfCt31l5etFPd7Ykhuiyhly/41d+o 6A== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp2120.oracle.com with ESMTP id 2hbamnm3u2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 16 Apr 2018 09:05:04 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w3G953Z9031562 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 16 Apr 2018 09:05:03 GMT Received: from abhmp0008.oracle.com (abhmp0008.oracle.com [141.146.116.14]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w3G951cT005603; Mon, 16 Apr 2018 09:05:02 GMT Received: from olila.local.net-space.pl (/10.175.197.50) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 16 Apr 2018 02:05:00 -0700 Date: Mon, 16 Apr 2018 11:04:52 +0200 From: Daniel Kiper To: Ard Biesheuvel Cc: James Bottomley , linux-efi@vger.kernel.org, Linux Kernel Mailing List , the arch/x86 maintainers , xen-devel , Boris Ostrovsky , eric.snowberg@oracle.com, "H. Peter Anvin" , Juergen Gross , Konrad Rzeszutek Wilk , Ingo Molnar , Thomas Gleixner Subject: Re: [PATCH v2] x86/xen/efi: Initialize UEFI secure boot state during dom0 boot Message-ID: <20180416090452.GQ26100@olila.local.net-space.pl> References: <1522766345-4169-1-git-send-email-daniel.kiper@oracle.com> <1522770281.4522.14.camel@HansenPartnership.com> <20180403160712.GL26100@olila.local.net-space.pl> <1522774852.4522.25.camel@HansenPartnership.com> <20180404103824.GM26100@olila.local.net-space.pl> <20180411085620.GI26100@olila.local.net-space.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8864 signatures=668698 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1804160084 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 16, 2018 at 10:15:15AM +0200, Ard Biesheuvel wrote: > On 11 April 2018 at 10:56, Daniel Kiper wrote: > > On Wed, Apr 04, 2018 at 12:38:24PM +0200, Daniel Kiper wrote: > >> On Tue, Apr 03, 2018 at 10:00:52AM -0700, James Bottomley wrote: > >> > On Tue, 2018-04-03 at 18:07 +0200, Daniel Kiper wrote: > >> > > On Tue, Apr 03, 2018 at 08:44:41AM -0700, James Bottomley wrote: > >> > >> [...] > >> > >> > > > This looks like a bad idea: you're duplicating the secure boot > >> > > > check in > >> > > > > >> > > > drivers/firmware/efi/libstub/secureboot.c > >> > > > > >> > > > Which is an implementation of policy. If we have to have policy in > >> > > > the kernel, it should really only be in one place to prevent drift; > >> > > > why can't you simply use the libstub efi_get_secureboot() so we're > >> > > > not duplicating the implementation of policy? > >> > > > >> > > Well, here is the first version of this patch: > >> > > https://lkml.org/lkml/2018/1/9/496 Ard did not like it. I was not > >> > > happy too. In general both approaches are not perfect. More you can > >> > > find in the discussion around this patchset. If you have better idea > >> > > how to do that I am happy to implement it. > >> > > >> > One way might be simply to have the pre exit-boot-services code lay > >> > down a variable containing the state which you pick up, rather than you > >> > >> Do you mean variable in kernel proper or something like that? If yes this > >> is not possible. EFI Linux stub is not executed in Xen dom0. All UEFI > >> infrastructure is owned and operated by Xen. Dom0 kernel can access some > >> stuff in UEFI, including variables, via hypercall. However, when dom0 > >> runs only UEFI runtime services are available. > >> > >> > calling efi code separately and trying to use the insecure RT > >> > >> I am not sure why they are insecure. > >> > >> > variables. That way there's a uniform view of the internal kernel > >> > secure boot state that everyone can use. > >> > >> That would be perfect but I have a feeling that in form proposed above > >> it is not possible. > > > > Ping? > > > > (apologies if this is a duplicate email - I thought I had replied > already but I don't see it in my sent folder) > > Queued in efi/next - thanks. Thanks a lot! Daniel