From: Luca Boccassi
Date: Wed, 12 Jul 2023 21:16:50 +0100
Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage
To: Borislav Petkov
Cc: Greg KH, Daniel P. Berrangé, Emanuele Giuseppe Esposito, "H. Peter Anvin", x86@kernel.org, Thomas Gleixner, lennart@poettering.net, Ingo Molnar, Dave Hansen, Andrew Morton, Masahiro Yamada, Alexander Potapenko, Nick Desaulniers, Vitaly Kuznetsov, linux-kernel@vger.kernel.org

On Wed, 12 Jul 2023 at 21:01, Borislav Petkov wrote:
>
> On Wed, Jul 12, 2023 at 08:56:36PM +0100, Luca Boccassi wrote:
> > Everything < 3 is revoked _and_ the generation id in the stable branch
> > is _not_ bumped, because it's still vulnerable and so that branch is
> > effectively dead and unbootable on any system with secure boot
> > enabled. This is a revocation mechanism, not a bug tracking mechanism.
> > There's no mix-and-matching.
>
> No, this is a mess waiting to happen.

That's not very convincing. You are aware that this mechanism exists
and is already used by other EFI components, yes?

> > Nah, it belongs in both places. Please read the documentation and
> > spend at least some time trying to understand the actual problem being
>
> You want to have this patch in the tree - the commit message should
> explain why it is needed and not point to some documentation somewhere.

Then why not just ask for that, instead of making convoluted
assumptions based on nothing of substance?

> > solved before commenting - or don't comment at all, that's fine too.
>
> Here's a comment for ya:
>
> Naked-by: Borislav Petkov (AMD)

So very mature. No wonder kernel maintainers and the LKML are
universally loved and praised.
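
The generation comparison described in the quoted paragraph ("everything < 3 is revoked"), as an added example that is not part of the original message or of the patch under discussion. It assumes the comma-separated entry layout from shim's SBAT documentation; the component name `linux`, the vendor fields, versions and generation numbers are all constructed for illustration.

```python
import csv
import io

# Constructed sample data (not from the thread).
# .sbat rows: component,generation,vendor,package,version,url
MAINLINE_SBAT = """sbat,1,SBAT Version,sbat,1,https://example.invalid/sbat
linux,3,Example Vendor,linux,6.5.0,https://example.invalid/
"""
# A stable branch that never received the fix keeps its old generation.
STABLE_SBAT = """sbat,1,SBAT Version,sbat,1,https://example.invalid/sbat
linux,2,Example Vendor,linux,6.1.38,https://example.invalid/
"""
# Revocation level: component,minimum allowed generation (extra fields ignored).
SBAT_LEVEL = """sbat,1,2023071200
linux,3
"""


def parse_sbat(text):
    """Return {component: generation} from SBAT-style CSV text."""
    entries = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or not row[0].strip():
            continue  # skip blank lines
        if len(row) < 2:
            raise ValueError(f"malformed SBAT row: {row!r}")
        entries[row[0].strip()] = int(row[1])
    return entries


def revoked_components(image_sbat, sbat_level):
    """List components whose generation is below the revocation level."""
    image = parse_sbat(image_sbat)
    level = parse_sbat(sbat_level)
    return [name for name, minimum in level.items()
            if name in image and image[name] < minimum]


def may_boot(image_sbat, sbat_level):
    """True when no component of the image is revoked.

    Policy for images that carry no SBAT data at all is outside this sketch.
    """
    return not revoked_components(image_sbat, sbat_level)


if __name__ == "__main__":
    for label, sbat in (("mainline", MAINLINE_SBAT), ("stable", STABLE_SBAT)):
        print(label, "boots" if may_boot(sbat, SBAT_LEVEL) else "revoked",
              revoked_components(sbat, SBAT_LEVEL))
```

A single revocation entry rejects every image below that generation regardless of its version string, which is why an unfixed stable branch that keeps generation 2 stops booting once the level is raised to 3.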