Date: Wed, 6 Jul 2022 01:12:33 +0100
From: Matthew Garrett
To: Brendan Trotter
Cc: The development of GNU GRUB, Ard Biesheuvel, Daniel Kiper, Alec Brown, Kanth Ghatraju, Ross Philipson, "piotr.krol@3mdeb.com", "krystian.hebel@3mdeb.com", "persaur@gmail.com", "Yoder, Stuart", Andrew Cooper, "michal.zygowski@3mdeb.com", James Bottomley, "lukasz@hawrylko.pl", linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, James Morris
Subject: Re: Linux DRTM on UEFI platforms
Message-ID: <20220706001233.GA5802@srcf.ucam.org>

On Wed, Jul 06, 2022 at 09:33:23AM +0930, Brendan Trotter wrote:
> The only correct approach is "efi-stub -> head_64.S -> kernel's own
> secure init"; where (on UEFI systems) neither GRUB nor Trenchboot has
> a valid reason to exist and should never be installed.

Surely the entire point of DRTM is that we *don't* have to trust the
bootloader?