Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp1720888rwp; Thu, 13 Jul 2023 15:46:52 -0700 (PDT) X-Google-Smtp-Source: APBJJlGdMnqF4b9v6DrPqOb5ER0pSK5DPAgd+0YIBc4iC5sZombiMdXseHFlcGlupOlhAfiRyTiC X-Received: by 2002:a05:6512:2214:b0:4f8:67aa:4f03 with SMTP id h20-20020a056512221400b004f867aa4f03mr2591167lfu.1.1689288412566; Thu, 13 Jul 2023 15:46:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689288412; cv=none; d=google.com; s=arc-20160816; b=L34B4hBhpS+w7tYLgqevhwPzfjMRLUsg79kWuFxLVQ2cVoY+6whW0VqhFLi2RWD7D5 8yRAqCJxBUPqekHILteYPl0iDliaY74LK2QcdvgiYmlpTjsnd+n09tmxOBVj+erE5Hh9 Vn1xOWkbyxQvmnbHDjiZHqENLwJChjS4TMOhPLdscNDHSpFMfntGT7e5vV9b4PJlhTDH W71XonQq1rXeTKkBIgiNQYMHUZyG+wAmzNObmLO+MB4ap7yr63CleYvSwmx15mMJ93gO UJN4fJCVmqtC90mvTAUg58kJLq4zYO0uzMLaVTTtuyxWbgbiWFllDQ1eEuFjF72NaZAy cNKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=j4pFHcAmk3Q1iQB/Gu74tpxcYopN6NbzrtwMYxLVtjk=; fh=8ngVewU9telcxx6rCx91IsuMVVbIzN8p4UAMRDVmV58=; b=aBK8oEnd8KTUD6motzNumg4dOcMPgGs9/tZGHG7Q4cGQJnSaB1ODjFCUUbVU+5xLDU hgYZApkYlraF6/q2q0Q/1QGhldsGEsRpJDlf0uJRlxZ0DxPToAT9HkEYzgIxM6nOWGNq O2Eupuit6JACfsguQsgv7r9iAV2tDnYT3DhbzwHUnPpfsQUqM/c64K8DD0pj51zEsiCr BHVBmwWUg0FlhzUWKvY7Ua5llb9lYdV8ZYIoLdBtTnOWaZkkhdeLUNOllDxMcC24rVGa 8SyKAaTK4eXF1Aguc2HOH0Q9iAXQwct7VlBXQI8VSTJUFbPenPfxDLmlqSgwA9thiega s49A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q16-20020a056402033000b0051daea25ff3si8618822edw.484.2023.07.13.15.46.27; Thu, 13 Jul 2023 15:46:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232164AbjGMWcT (ORCPT + 99 others); Thu, 13 Jul 2023 18:32:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33472 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229715AbjGMWcQ (ORCPT ); Thu, 13 Jul 2023 18:32:16 -0400 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B42D41BF4; Thu, 13 Jul 2023 15:32:14 -0700 (PDT) Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-57045429f76so11257417b3.0; Thu, 13 Jul 2023 15:32:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689287534; x=1691879534; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=j4pFHcAmk3Q1iQB/Gu74tpxcYopN6NbzrtwMYxLVtjk=; b=GxgxqyFoeVMPukKMlCOYNOd3Q3ZykRSxpaz1HGiVD/QmAeJfVJ3U5v2Aam2aDUhji8 E7x8h6dgaW4zEERl8eYSkVURZVdVHbMkPkqCNGtZHkOt9G3NIWd2PGoRkwbym5jIFaaa VbWY4wE3VxZ2Kt6JCccF+Iu2ROawhzonoASCCa7DU5BujBKK4phopBul2JQmzOer+eQ+ 0PTPoyj72qBQn2PSlTzddZMOSlec1rOXyS3Zas7WgDt+k7jY5q03A3YWdnSVmRNI15sZ ujbWBXoHi4Cw6i+tJOGsmjDJS/0Tqax8xjty7RKsN94zkyu+HAV/YY11mSHTbbWp4zxb 5awQ== X-Gm-Message-State: ABy/qLY9sJBwQHe9/NjUdjbGHMmNuHv7ti3qQvXKoI56zueZ4/uXNYqR wE++7cVD/0crkZPBNb7+bhPai7naRGhUlg== X-Received: by 2002:a0d:c986:0:b0:561:d1ef:3723 with SMTP id l128-20020a0dc986000000b00561d1ef3723mr3219403ywd.38.1689287533596; Thu, 13 Jul 2023 15:32:13 -0700 (PDT) Received: from mail-yw1-f170.google.com (mail-yw1-f170.google.com. [209.85.128.170]) by smtp.gmail.com with ESMTPSA id r186-20020a8181c3000000b0056d3d7a59cesm1998668ywf.12.2023.07.13.15.32.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 13 Jul 2023 15:32:12 -0700 (PDT) Received: by mail-yw1-f170.google.com with SMTP id 00721157ae682-57045429f76so11257237b3.0; Thu, 13 Jul 2023 15:32:11 -0700 (PDT) X-Received: by 2002:a81:6908:0:b0:56c:fce5:ac2d with SMTP id e8-20020a816908000000b0056cfce5ac2dmr3235554ywc.39.1689287531751; Thu, 13 Jul 2023 15:32:11 -0700 (PDT) MIME-Version: 1.0 References: <20230711154449.1378385-1-eesposit@redhat.com> In-Reply-To: From: Luca Boccassi Date: Thu, 13 Jul 2023 23:31:59 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage To: Ard Biesheuvel Cc: Emanuele Giuseppe Esposito , x86@kernel.org, Thomas Gleixner , lennart@poettering.net, Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Andrew Morton , Masahiro Yamada , Alexander Potapenko , Nick Desaulniers , Vitaly Kuznetsov , =?UTF-8?Q?Daniel_P_=2E_Berrang=C3=A9?= , linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 13 Jul 2023 at 14:52, Ard Biesheuvel wrote: > > (add linux-efi@ cc) > > On Thu, Jul 13, 2023 at 03:33:38PM +0200, Ard Biesheuvel wrote: > > Hello Emanuele, > > > > Please cc the linux-efi@ mailing list and myself on EFI related patches. > > > > First of all, I think the tone of the discussion is way out of hand on > > both sides of the debate. Please keep it civil and courteous. > > > > On Tue, Jul 11, 2023 at 11:44:49AM -0400, Emanuele Giuseppe Esposito wrote: > > > *Important*: this is just an RFC, as I am not expert in this area and > > > I don't know what's the best way to achieve this. > > > > > > v2: > > > * add standard "sbat,1,SBAT Version,..." header string > > > > > > The aim of this patch is to add a .sbat section to the linux binary > > > (https://github.com/rhboot/shim/blob/main/SBAT.md). > > > We mainly need SBAT in UKIs (Unified Kernel Images), as we might want > > > to revoke authorizations to specific signed PEs that were initially > > > considered as trusted. The reason might be for example a security issue > > > related to a specific linux release. > > > > > > A .sbat is simply a section containing a string with the component name > > > and a version number. This version number is compared with the value in > > > OVMF_VARS, and if it's less than the variable, the binary is not trusted, > > > even if it is correctly signed. > > > > > > > Most people will not known what OVMF_VARS is or a PE. > > > > Also, 'version number' is a bit vague, better to stick with existing > > terminology that makes this more self explanatory: the component that > > authenticates the kernel image keeps a revocation counter, and refuses > > to load authentic images whose revocation index is lower than the > > revocation counter. This approach removes the need for revoking > > individual image hashes or having to rotate the signing keys when a > > vulnerability is discovered. > > > > The argument that we need this in the upstream kernel seems to be > > predicated on the assumption that there is one universal signing > > authority and revocation domain, but this is not necessarily true. Even > > if the distros appear to have decided that it is a reasonable choice to > > deploy the MicroSoft signed shim and the associated components on other > > systems than Windows-crippled x86 PCs, this is not universally true, and > > UEFI secure boot can be (and is) deployed in sane ways as well. > > > > Note that by Windows-crippled, I mean x86 PCs built by OEMs who care > about nothing other than the Windows logo sticker. These PCs often don't > allow secure boot keys to be modified by the owner of the machine, or > secure boot to be disabled at all. This is why shim exists, not because > UEFI secure boot is broken by design. AFAIK that's not only against the spec but also the logo certification, which x86 OEMs are doing that and in which models? Happy to flag that and inquire.