Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp67225ybj; Wed, 6 May 2020 11:42:25 -0700 (PDT) X-Google-Smtp-Source: APiQypJ4mHU0PRfOE/ewTwTDWAirI1IxyYNXwJEIcI+BUV70T85IgFy5c9Tz5rj9atRNyIsvtlxn X-Received: by 2002:a17:906:340a:: with SMTP id c10mr8903013ejb.218.1588790545445; Wed, 06 May 2020 11:42:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588790545; cv=none; d=google.com; s=arc-20160816; b=LkxW/n586TjKj/HvuU82bnKmQJehbucV/xLUpySSiV2VgxxhojeSsr8dDgC3UJnho5 H1nXaqWBAhtfyaTFgyoun372HxACp0x5S5VF+ss93gLvO+if+P9ZYY2D7nojGe+AyglE mGLCZ4w+X4+s6pKuqYeWfWGRHvRkNAm8Mwvs0FvQxiPNYp8Pr0XEwmNnC5EYof51CzrF 6+JP3hfoiZRrG5tNM5tZmxLS3FRxGwJDhUbNnAeuoNmmJO8D8sa7t8gkty/7M7l3cK23 QQcSt+RC+8r+J4ffGVGuNIGnNa1kgdvcmbdRKaQ0QgOUcCPax5zZW4Piyrzd7v4laNY5 BkcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=+SQS458OK5cEDlJQ1KUWYZtsylPRbVwiBUEmh5tlCnw=; b=C7jBYOyif5PITlqeKOHKlzGJuAHLX7I1dLG69Pa8zBhV6divKvvMPtaGT7/c3Tj1nO QmnJ31463DpoQbyWo55pPVDlBjo6FvnmQVgC6h5TiZyuRNlHmzTvN/cw04Gtngq0HebK Si7hHyEi8x6+Y/R6HMtkm3SNCtMB/bznezMsmopubUeLNZ/aampHaMck+ih3PuNgTEOS Efju8coALeOOIwDwq8M2v2t1VY/0oFU4XGaGI/bhSa8iHK/HIHk1UifqZMuYz9W7otL3 YnCUI/V3Vmv4Fx5PQPG2Mv+foMfNikjKEnr+mx0hD6ZFbbDstgCFa4XUtlthNMyTJUu0 ehuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=b8R8BXxV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s12si1473934ejr.463.2020.05.06.11.42.01; Wed, 06 May 2020 11:42:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=b8R8BXxV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730450AbgEFShE (ORCPT + 99 others); Wed, 6 May 2020 14:37:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729757AbgEFShD (ORCPT ); Wed, 6 May 2020 14:37:03 -0400 Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 073B5C061A0F for ; Wed, 6 May 2020 11:37:02 -0700 (PDT) Received: by mail-il1-x142.google.com with SMTP id x2so347478ilp.13 for ; Wed, 06 May 2020 11:37:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+SQS458OK5cEDlJQ1KUWYZtsylPRbVwiBUEmh5tlCnw=; b=b8R8BXxVNvZvYXXiTbMCsRpDZGgc3jvvenhNrJX604kungvLvVRc62AbdokVNOPwtL rsRXS/vrWau/KmBiRYzSlpvSep5rCgHY76rlEU+IaIWgxIJVQD8xU4qFhWi4h7jE3k4n kv6CoyiAlOzD0QtEJHJzwHXn5gozFcjpIgKgAqNJPzuZuYeyy8/i5bDL6JeF+8CjhowN pluwVl8T/69ZoZxC+VTWtoIheJZ+zPmaVgvIQAJFd8SJInmYqtuo6HjWHzJqLinVolMf FUQy4XZkxdOQbHwe870KHTZDpoGKtk3I2c2KBV9lhuwoJ1yHLT59BTow9I9fuSSxU1/s og7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+SQS458OK5cEDlJQ1KUWYZtsylPRbVwiBUEmh5tlCnw=; b=sKdSXyyfwpKEEKzYRzEQhyLIX1ThyIgoHDegtfarrwwAcqkx9yTc3E6o3mReLaeK4M jrEYVsWSGQgaMFPnz/e6PWICJnlAT/9yppI8CEdgPlSGI9KhQO74TzIIwT2EVkv2NOyQ m4hdtV0Ih8fE17IP4lOIIBa06rPV6NYf12Hnem6nJhk4YF6qmIyj8LTeBHp7Nyacf/vK QCfly8fmNB7YRq4HFT8LgPaiWy+5hGLjsrhCWZZutXaG7vKqxY3nQGC8apbm4QHKTKim AOj/5zYxMBlGlQggRhHBEF69NEdv3VoypOqtSVo6OjS83yO975IDE5+2hxOyKMPdw2L7 j3IQ== X-Gm-Message-State: AGi0Puah0ggNJxOLbG20kUhHbyM8l1lYlXS15rdEyIPuKA+0+h7vvkt6 OUGOEuUxFo5U5bkpjCji9vL3fkA9UM7GPYdVzOhh4Q== X-Received: by 2002:a92:aa48:: with SMTP id j69mr10794636ili.16.1588790221975; Wed, 06 May 2020 11:37:01 -0700 (PDT) MIME-Version: 1.0 References: <20200504232132.23570-1-daniel.kiper@oracle.com> <20200504232132.23570-13-daniel.kiper@oracle.com> <20200506133306.xrzplgdt4cckgrqc@tomti.i.net-space.pl> In-Reply-To: <20200506133306.xrzplgdt4cckgrqc@tomti.i.net-space.pl> From: Matthew Garrett Date: Wed, 6 May 2020 11:36:49 -0700 Message-ID: Subject: Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel To: Daniel Kiper Cc: The development of GNU GRUB , Linux Kernel Mailing List , trenchboot-devel@googlegroups.com, "the arch/x86 maintainers" , alexander.burmashev@oracle.com, Andrew Cooper , Ard Biesheuvel , "Daniel P. Smith" , eric.snowberg@oracle.com, Javier Martinez Canillas , kanth.ghatraju@oracle.com, konrad.wilk@oracle.com, krystian.hebel@3mdeb.com, lukasz.hawrylko@linux.intel.com, michal.zygowski@3mdeb.com, "Vladimir 'phcoder' Serbinenko" , pirot.krol@3mdeb.com, Peter Jones , Ross Philipson Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 6, 2020 at 6:33 AM Daniel Kiper wrote: > > On Tue, May 05, 2020 at 10:29:05AM -0700, Matthew Garrett wrote: > > On Mon, May 4, 2020 at 4:25 PM Daniel Kiper wrote: > > > > > > Otherwise the kernel does not know its state and cannot enable various > > > security features depending on UEFI Secure Boot. > > > > I think this needs more context. If the kernel is loaded via the EFI > > boot stub, the kernel is aware of the UEFI secure boot state. Why > > duplicate this functionality in order to avoid the EFI stub? > > It seems to me that this issue was discussed here [1] and here [2]. > So, if you want me to improve the commit message I am OK with that. Yes, I think just providing an explanation for why it's currently necessary for you to duplicate this is reasonable.