Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1803831yba; Tue, 2 Apr 2019 16:33:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqwVYniDX377My2Yd0+K/8qySHhMhVBzjT0wMREzx+HZObOC249tje4b97s3sRIfgU5nvzpv X-Received: by 2002:aa7:928d:: with SMTP id j13mr6994798pfa.112.1554248018226; Tue, 02 Apr 2019 16:33:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554248018; cv=none; d=google.com; s=arc-20160816; b=UapbRNMIsUKXo8aGQnFtXI0LSu/sOTK/U42NJEXOVaMy2dAnSEXJb7CkK4rrCm7p30 OTxz79u8awQ9mm0dF2cr9CIFbAZmuY8HxjdDz3MoYWcJfLKVX2AWycfAUg6kvCS1DwxE FjATuxKaxU1a4GGKlyF4u67JUfTbjk3W6asnFemRyhpbIsaPw8Iwt2+91mgjfUFZbbfB Rw9fWkWpkIkxkmA/JO0KzxCNRMSR0WT7NxTlDCgmd1YefBKACL2U8PLNKAC32tIwknX4 vGTNJw43u7viEODF62EqKsZS/vqI+yS3Ft9UscMldHdtXviBxwChGLRX3aiyEVAVCBQY WfJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :from:references:cc:to:subject; bh=QVlpMBKFCDyiNLTWuCJTCI5wZtsTzxrsxEHELRxmzIw=; b=N68ImIScHcFbEGGuTWvEY8xBiRvChNUKhTlcBwPd45tH0Mm0L8HdiAI7X8aINe51tn IGk26MvvKwHUnMnQfGbuJkzdqDdw+yzULRsHsgQPgyaIllZZGfCxarwdApqd4PkMeReX 1nQUV2xrhGzKCOb0G2DDJgoojRlb4bHWrAP20BqBhr6JHJ+I6h+r6o+xVPbl/bKWFG7Q Eh+e1be92yZmbHVNd2TgSf05yQ/rKBdCzKYz8wWssNJJqod3eJRm5geNqRk38Zl0i/rg o7F6pq8MSte12cVp1+ulfHOwTdCGPIk0aId9J/rxfEIH0UiWIymLjdzV9+ity34V378j g8LQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v67si12528491pgb.536.2019.04.02.16.33.18; Tue, 02 Apr 2019 16:33:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726213AbfDBXbc (ORCPT + 99 others); Tue, 2 Apr 2019 19:31:32 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:56484 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726071AbfDBXbb (ORCPT ); Tue, 2 Apr 2019 19:31:31 -0400 Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x32NSgku047935 for ; Tue, 2 Apr 2019 19:31:30 -0400 Received: from e31.co.us.ibm.com (e31.co.us.ibm.com [32.97.110.149]) by mx0a-001b2d01.pphosted.com with ESMTP id 2rmg3ju6y7-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 02 Apr 2019 19:31:30 -0400 Received: from localhost by e31.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 3 Apr 2019 00:31:29 +0100 Received: from b03cxnp08025.gho.boulder.ibm.com (9.17.130.17) by e31.co.us.ibm.com (192.168.1.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Wed, 3 Apr 2019 00:31:24 +0100 Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x32NVNwT30867688 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Apr 2019 23:31:24 GMT Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D8B87BE056; Tue, 2 Apr 2019 23:31:23 +0000 (GMT) Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 49305BE058; Tue, 2 Apr 2019 23:31:21 +0000 (GMT) Received: from [9.18.235.111] (unknown [9.18.235.111]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Tue, 2 Apr 2019 23:31:20 +0000 (GMT) Subject: Re: [PATCH 0/4] Enabling secure boot on PowerNV systems To: Matthew Garrett Cc: linuxppc-dev@ozlabs.org, linux-efi , linux-integrity , Linux Kernel Mailing List , Michael Ellerman , Paul Mackerras , Benjamin Herrenschmidt , Ard Biesheuvel , Jeremy Kerr , Matthew Garret , Nayna Jain References: <20190402181505.25037-1-cclaudio@linux.ibm.com> <4ce5e057-0702-b0d5-7bb2-cea5b22e2efa@linux.ibm.com> From: Claudio Carvalho Date: Tue, 2 Apr 2019 20:31:19 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 x-cbid: 19040223-8235-0000-0000-00000E78A12B X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00010863; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000284; SDB=6.01183465; UDB=6.00619586; IPR=6.00964213; MB=3.00026266; MTD=3.00000008; XFM=3.00000015; UTC=2019-04-02 23:31:28 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19040223-8236-0000-0000-00004500EEB7 Message-Id: <2208f156-d441-3082-2f4c-8030c84ef788@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-04-02_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904020153 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/2/19 6:51 PM, Matthew Garrett wrote: > On Tue, Apr 2, 2019 at 2:11 PM Claudio Carvalho wrote: >> We want to use the efivarfs for compatibility with existing userspace >> tools. We will track and match any EFI changes that affect us. > So you implement the full PK/KEK/db/dbx/dbt infrastructure, and > updates are signed in the same way? For the first version, our firmware will implement a simplistic PK, KEK and db infrastructure (without dbx and dbt) where only the Setup and User modes will be supported. PK, KEK and db updates will be signed the same way, that is, using userspace tooling like efitools in PowerNV. As for the authentication descriptors, only the EFI_VARIABLE_AUTHENTICATION_2 descriptor will be supported. >> Our use case is restricted to secure boot - this is not going to be a >> general purpose EFI variable implementation. > In that case we might be better off with a generic interface for this > purpose that we can expose on all platforms that implement a secure > boot key hierarchy. Having an efivarfs that doesn't allow the creation > of arbitrary attributes may break other existing userland > expectations. > For what it's worth, gsmi uses the efivars infrastructure for EFI-like variables. What might a generic interface look like?  It would have to work for existing secure boot solutions - including EFI - which would seem to imply changes to userspace tools. Claudio