From: Ard Biesheuvel
Date: Fri, 21 Apr 2023 15:41:08 +0200
Subject: Re: [RFC PATCH 0/3] efi: Implement generic zboot support
To: Andy Lutomirski
Cc: linux-efi@vger.kernel.org, Linux Kernel Mailing List, Evgeniy Baskov, Borislav Petkov, Dave Hansen, Ingo Molnar, "Peter Zijlstra (Intel)", Thomas Gleixner, Alexey Khoroshilov, Peter Jones, Gerd Hoffmann, Dave Young, Mario Limonciello, Kees Cook, Tom Lendacky, "Kirill A. Shutemov", Linus Torvalds
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 21 Apr 2023 at 15:30, Andy Lutomirski wrote:
>
> On Sun, Apr 16, 2023, at 5:07 AM, Ard Biesheuvel wrote:
> > This series is a proof-of-concept that implements support for the EFI
> > zboot decompressor for x86.
> > It replaces the ordinary decompressor, and
> > instead, performs the decompression, KASLR randomization and the 4/5
> > level paging switch while running in the execution context of EFI.
>
> I like the concept. A couple high-level questions, since I haven’t dug into the code:
>
> Could zboot and bzImage be built into the same kernel image? That would get this into distros, and eventually someone could modify the legacy path to switch to long mode and invoke zboot (because zboot surely doesn’t need actual UEFI — just a sensible environment like what UEFI provides.)
>

That's an interesting question, and to some extent, that is actually what Evgeny's patch does: execute more of what the decompressor does from inside the EFI runtime context.

The main win with zboot imho is that we get rid of all the funky heuristics that look for usable memory for trampolines and decompression buffers in funky ways, and instead, just use the EFI APIs for allocating pages and remapping them executable as needed (which is the important piece here).

I'd have to think about whether there is any middle ground between this approach and Evgeny's - I'll have to get back to you on that.

> Does zboot set up BSS correctly? I once went down a rabbit hole trying to get the old decompressor to jump into the kernel with BSS already usable and zeroed, and the result was an incredible mess — IIRC the decompressor does some in-place shenanigans that looked incompatible with handling BSS without a rewrite. And so we clear BSS in C after jumping to the kernel, which is gross.
>

Zboot pads the image to include BSS, so that the zboot metadata covers the actual memory footprint of the image rather than just the image size, and it will get zeroed out as a result of the decompression too, which is a nice bonus.
I did this mainly to try and make it idiot proof for other (non-EFI) consumers of the zboot header and compressed payload, but it means that the zboot EFI loader doesn't have to bother either.
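
The BSS point in the reply above, as an added example that is not part of the original mail or of the kernel's zboot code: a simulated loader that trusts only the size advertised in the image metadata, run once with an unpadded image and once with one padded to cover BSS. The sizes, the `load_result` struct and `load_image()` are constructed for illustration and do not reflect the real zboot header layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes in bytes; not taken from any real kernel image. */
#define TEXT_DATA 24u
#define BSS       16u
#define ARENA     64u

struct load_result {
    size_t reserved;   /* bytes the loader reserved and wrote */
    int bss_reserved;  /* 1 if the BSS range lies inside that reservation */
    int bss_zeroed;    /* 1 if every BSS byte is zero at kernel entry */
};

/* Simulated loader that trusts only the size advertised in the metadata.
 * padded != 0 models the scheme in the mail: the payload and its advertised
 * size include the BSS as zero bytes. */
static struct load_result load_image(int padded)
{
    uint8_t payload[TEXT_DATA + BSS];
    uint8_t ram[ARENA];
    size_t advertised = padded ? TEXT_DATA + BSS : TEXT_DATA;
    struct load_result r = { advertised, advertised >= TEXT_DATA + BSS, 1 };
    size_t i;

    memset(payload, 0x90, TEXT_DATA);     /* stand-in for code and data */
    memset(payload + TEXT_DATA, 0, BSS);  /* zero padding that covers BSS */
    memset(ram, 0xAA, sizeof(ram));       /* stale contents of free memory */

    /* "Decompress": emit exactly as many bytes as the metadata advertises. */
    memcpy(ram, payload, advertised);

    for (i = TEXT_DATA; i < TEXT_DATA + BSS; i++)
        if (ram[i] != 0)
            r.bss_zeroed = 0;
    return r;
}

int main(void)
{
    for (int padded = 0; padded <= 1; padded++) {
        struct load_result r = load_image(padded);
        printf("padded=%d reserved=%zu bss_reserved=%d bss_zeroed=%d\n",
               padded, r.reserved, r.bss_reserved, r.bss_zeroed);
    }
    return 0;
}
```

With the unpadded image the BSS range is neither reserved nor cleared, so the kernel has to zero it itself after entry; with the padded image a consumer that only honours the advertised size gets both for free.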