Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp1895161imw;
        Tue, 5 Jul 2022 18:05:17 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1uzCYPth2a/9ZtlPA5RV1Ei1+Y1pb/t0Lc0KilcZ8eO+TrCPziKTTTynseIJHHMGrnCECzH
X-Received: by 2002:a05:6a00:2314:b0:528:1b60:ab7f with SMTP id h20-20020a056a00231400b005281b60ab7fmr31022634pfh.11.1657069517001;
        Tue, 05 Jul 2022 18:05:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1657069516; cv=none;
        d=google.com; s=arc-20160816;
        b=jG7Pj35qJXanctwFfKA1RddCQu7wvraMV+EylZLzr1sybFs31e/fYl8ElXsEAt3Frf
         4t81y53+NlukjlECqsHvZQstPKrVh5NNY4KKenrdzVYZrobJddHGpOtFoHMTuoHn6qra
         8OJilRyiSIu6e+gN9+mbXWxZJ30a94Wvgu9EkC853/+SlZmktx0ZxbGor2Nz9/D/3/hs
         xare5ICpvUkMSsH7hwVFGpw3e+3f5MaRipcKWnOTvLpvHNxSADjuvAbq0Tj2XIw/uG2d
         LLVaVnmUokWL55RPjFH+H2MpZF6NbpAoGl19O/eiZSL6UF7BFjD/j0fodgd5NLf9Rrjc
         ZK/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=mPGuTVzJotCZVqpoAMhydHxpzwQdooewk6xEe+KTM50=;
        b=eLIkvc2rK5YhsszSBAiGVLezw6nF2JfUuiRge+aa2w6ozGb0msNpEZUXC8duq6BfZD
         okjrp9zdmUpsjiAP5X+OT75bQziyoNMVNz8f6fe/gVWjO2mELWh+sp5yYI7leEa5jqro
         RUR4tWGl/EzUGHlPCKJyGkTsh3Pk5Cx7k76D65fjo75Q5NBM0/5BLBIdHppAeoCMXJbh
         SMJYOMZXXx4C5OLvmkTL7JYxp+YHy3xW6W/C2nPTA8b89guUVfEHOCMTv6LROJizRfJm
         nTtgRa5yegE5mZxkYPaElOxotjCH8DX+O/Q4S1ohxzguWVqmBQ7oJV27FTfvVOF/L+nZ
         pH2g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id 32-20020a631560000000b003fcb1baaf06si47482458pgv.163.2022.07.05.18.05.03;
        Tue, 05 Jul 2022 18:05:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229455AbiGFAVR (ORCPT <rfc822;alexandru.stratulat91@gmail.com>
        + 99 others); Tue, 5 Jul 2022 20:21:17 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34340 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229454AbiGFAVP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Jul 2022 20:21:15 -0400
X-Greylist: delayed 515 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 05 Jul 2022 17:21:11 PDT
Received: from cavan.codon.org.uk (irc.codon.org.uk [IPv6:2a00:1098:84:22e::2])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0219313F43;
        Tue,  5 Jul 2022 17:21:10 -0700 (PDT)
Received: by cavan.codon.org.uk (Postfix, from userid 1000)
        id C2FD140A60; Wed,  6 Jul 2022 01:12:33 +0100 (BST)
Date:   Wed, 6 Jul 2022 01:12:33 +0100
From:   Matthew Garrett <mjg59@srcf.ucam.org>
To:     Brendan Trotter <btrotter@gmail.com>
Cc:     The development of GNU GRUB <grub-devel@gnu.org>,
        Ard Biesheuvel <ardb@kernel.org>,
        Daniel Kiper <daniel.kiper@oracle.com>,
        Alec Brown <alec.r.brown@oracle.com>,
        Kanth Ghatraju <kanth.ghatraju@oracle.com>,
        Ross Philipson <ross.philipson@oracle.com>,
        "piotr.krol@3mdeb.com" <piotr.krol@3mdeb.com>,
        "krystian.hebel@3mdeb.com" <krystian.hebel@3mdeb.com>,
        "persaur@gmail.com" <persaur@gmail.com>,
        "Yoder, Stuart" <stuart.yoder@arm.com>,
        Andrew Cooper <andrew.cooper3@citrix.com>,
        "michal.zygowski@3mdeb.com" <michal.zygowski@3mdeb.com>,
        James Bottomley <James.Bottomley@hansenpartnership.com>,
        "lukasz@hawrylko.pl" <lukasz@hawrylko.pl>,
        linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
        James Morris <jmorris@namei.org>
Subject: Re: Linux DRTM on UEFI platforms
Message-ID: <20220706001233.GA5802@srcf.ucam.org>
References: <20220329174057.GA17778@srcf.ucam.org>
 <f9622b47-c45f-8c91-cb85-e5db7fd541cf@apertussolutions.com>
 <CAMj1kXEUT8BK_akqjF1Wx0JkLniFyV_h9s1TfQnPqfxCHsKfWw@mail.gmail.com>
 <7aab2990-9c57-2456-b08d-299ae96ac919@apertussolutions.com>
 <CAELHeEfZ-feZnexp7Gx3VAJPerENcoO1Uccbe3xxUX95jvLUdA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAELHeEfZ-feZnexp7Gx3VAJPerENcoO1Uccbe3xxUX95jvLUdA@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-0.8 required=5.0 tests=BAYES_00,
        HEADER_FROM_DIFFERENT_DOMAINS,KHOP_HELO_FCRDNS,SPF_HELO_NEUTRAL,
        SPF_NEUTRAL,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jul 06, 2022 at 09:33:23AM +0930, Brendan Trotter wrote:

> The only correct approach is "efi-stub -> head_64.S -> kernel's own
> secure init"; where (on UEFI systems) neither GRUB nor Trenchboot has
> a valid reason to exist and should never be installed.

Surely the entire point of DRTM is that we *don't* have to trust the 
bootloader?