Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp14700pxb; Wed, 30 Mar 2022 21:30:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwl76GHzcVFQ1ZxJwaMr8Y9Exkz+7GAGmAdEYvMgxSTmECfZ8qDr1QmQeyEQnKKcj9QQII+ X-Received: by 2002:a17:902:e94e:b0:154:3a4:c5e8 with SMTP id b14-20020a170902e94e00b0015403a4c5e8mr3484040pll.19.1648701006009; Wed, 30 Mar 2022 21:30:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648701006; cv=none; d=google.com; s=arc-20160816; b=HQeNDyPk1QR9Rmq0b63XSTsLqQ2fe2qOb1f8aKKaeF1LxSLSo0AfRMQi9OWFn4ZO5J ZI00L4nY1nriuu36PYgD9G4knKcvMtbzo3+cUDY1P0bxSwHhggKulHstEDcEv1JgayOR dmJkx3k7DfvX4h2KFl4zuWRm4tIlup//707ZX7uZZ9kMCm/twE8OjhwPGm+roZnc42Fy xGIZ8GylDyEyDedMpgDKmXLaLOAHpZRNYGieOK0vtwNp9kBnRDFGdrSAzOXa+5kQonvy ETvIom5ieOX3R4Pn0KJ+0iUf7T70OUQe7sQaR8jkofZ8unaTsPtlWGvJAC+sFhwXtF17 ksBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=bfsEaeYBOxurGh71GLcvosk4I2x4OUlZr3E6o8x+U0E=; b=wVlZ1oHc9gA9YcXeltZxZDvckuSB6zqrVC16tbXlQnei09UTDqLNjG4BEgdXaCqdQ1 e2G5OlNj/LTNNqHdajHgfs6knC2seBURFASvjfcz2l5BeHZJJh8df+VRgHtVq6TZYWbr y0VEmm7OEehv04B870QXMhB0u/R8iNG6qptFFZOv6EXnHEqJHAeVDprJm6Tvoi94abCm zjIDea6S1O7exfqcCeBvO6v2F3JEQ2iqTMTddyMbO7sSvRL9LwC101t+Dx5yO+okQKh8 chzDdoqE8nBVOInTvsXRhFpPBijNzQSBoAyk6Nrs7SRNvOh9ieuhEvWK+DA56kpust2Q OLag== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id l4-20020a170902f68400b00153b2d165c6si3374341plg.462.2022.03.30.21.30.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Mar 2022 21:30:05 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8BB881D4C30; Wed, 30 Mar 2022 20:24:15 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243707AbiC3HM6 (ORCPT + 99 others); Wed, 30 Mar 2022 03:12:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33604 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243685AbiC3HMy (ORCPT ); Wed, 30 Mar 2022 03:12:54 -0400 Received: from cavan.codon.org.uk (irc.codon.org.uk [IPv6:2a00:1098:84:22e::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 568211017DF; Wed, 30 Mar 2022 00:11:05 -0700 (PDT) Received: by cavan.codon.org.uk (Postfix, from userid 1000) id C132340A71; Wed, 30 Mar 2022 08:11:03 +0100 (BST) Date: Wed, 30 Mar 2022 08:11:03 +0100 From: Matthew Garrett To: Ard Biesheuvel Cc: Daniel Kiper , Alec Brown , Kanth Ghatraju , Ross Philipson , "dpsmith@apertussolutions.com" , "piotr.krol@3mdeb.com" , "krystian.hebel@3mdeb.com" , "persaur@gmail.com" , "Yoder, Stuart" , Andrew Cooper , "michal.zygowski@3mdeb.com" , James Bottomley , "lukasz@hawrylko.pl" , linux-efi , Linux Kernel Mailing List , The development of GNU GRUB , Kees Cook Subject: Re: Linux DRTM on UEFI platforms Message-ID: <20220330071103.GA809@srcf.ucam.org> References: <20220329174057.GA17778@srcf.ucam.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 30, 2022 at 09:02:18AM +0200, Ard Biesheuvel wrote: > Wouldn't it be better for the secure launch kernel to boot the EFI > entrypoint directly? As it happens, I just completed a PoC last week > for a minimal implementation of EFI (in Rust) that only carries the > pieces that the EFI stub needs to boot Linux. It is currently just a > proof of concept that only works on QEMU/arm64, but it should not be > too hard to adapt it for x86 and for booting a kernel that has already > been loaded to memory. The EFI stub carries out a bunch of actions that have meaningful security impact, and that's material that should be measured. Having the secure launch kernel execute the stub without awareness of what it does means it would need to measure the code without measuring the state, while the goal of DRTM solutions is to measure state rather than the code.