Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp3988757rdb;
        Thu, 14 Sep 2023 08:34:19 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEGPD50j564m71f31/9OTB38gUpFp2qJu7EoRym/Y/HfglH8nKOEUk+OQ33JwZsxwdCm/bU
X-Received: by 2002:a17:902:ea95:b0:1c4:c92:2320 with SMTP id x21-20020a170902ea9500b001c40c922320mr2101477plb.31.1694705659430;
        Thu, 14 Sep 2023 08:34:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1694705659; cv=none;
        d=google.com; s=arc-20160816;
        b=JHEmdHlNTNg+oULBdBnPL3R+Y8WgAG9kDTVWrWFkRFlMauu8m2/AuZQkUaDFcJrhjJ
         UQII97ujpy9qUoxmS2LlnMal13exCDTlsCoZ6n2cbSpHZP6TS+FtZPSYdslnRUhiNDpN
         pWDGMN/Qrxxg5z2FHGBaV6oXh4KDpkrmXvcRQsKmgxt8/n8/sTMMUt7OE9j3NKDFh/hO
         aY9i2L9iifmVKCCU6JYvVXKg+b/opFN9T+eBzUXsAoxCtr0j5/9aaUCKLyVKecdjSJcG
         5HSwt7I75eWBb+Uh0w7NoUIrDMIm05U4UyquDUWszc8nDYnC013OXVa59frrINps51NM
         icBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:references:to:from:subject:cc
         :message-id:date:content-transfer-encoding:mime-version
         :dkim-signature;
        bh=1KeR15MR0lzhn5Kwe9u+YNeU4/nutLkkCZN5KZakWas=;
        fh=ltDW5LF9fZ5dOGuL/vDLqIQaS2gPZYHZSgLVw5lLxjk=;
        b=JukogndloidlKwPDPxCTtoCLymG+fv1KI7tEUpXU4w3OXeh7v4LILgCoTNUo7C9BZJ
         1eXJuVr05gFX7XRQfBRpq6Q5N+kn64csTiWjzjwRKaHVX5QpVG9MSCPUd7+oWZBCmZza
         dXEByi+/gKZfp/tS2IuE4NUjnzaXgnsqeIB2UHn9dfmXz4LOpzjODGINI+nr7ViAo1iR
         QsjqdoqshhDdS0/h3UHdzO8DXg9QehK8Szemuw0GvpXM1gPhj8ebhuoDSwCYbW60uDSu
         yjzo6EwLQHwkI5KxDQgx/rQC+9VgI0+iBWrD6V/XCodx/SxSiGK9ib7qVvjxpDCZQ0Zv
         pvKw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rPamIDWj;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from groat.vger.email (groat.vger.email. [23.128.96.35])
        by mx.google.com with ESMTPS id bz33-20020a056a02062100b00573fb0d8728si1963207pgb.98.2023.09.14.08.34.19
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 14 Sep 2023 08:34:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rPamIDWj;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by groat.vger.email (Postfix) with ESMTP id 4B8B2836B5CC;
	Thu, 14 Sep 2023 08:34:03 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240992AbjINPeB (ORCPT <rfc822;benbjiang@gmail.com> + 99 others);
        Thu, 14 Sep 2023 11:34:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43922 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240810AbjINPeA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 14 Sep 2023 11:34:00 -0400
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E9F39CE;
        Thu, 14 Sep 2023 08:33:56 -0700 (PDT)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D029BC433C8;
        Thu, 14 Sep 2023 15:33:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1694705636;
        bh=1KeR15MR0lzhn5Kwe9u+YNeU4/nutLkkCZN5KZakWas=;
        h=Date:Cc:Subject:From:To:References:In-Reply-To:From;
        b=rPamIDWjidl9aoOdYu4538eyG1jHEMWZEg2hgseAtAW4443e47amuR6bw/Z9KkHUn
         gA88wNMgwOUjCzTKID4ynAYNOFuqz3SbokqFHhFMuvZKopusr9QQXjsY3RkU60FNki
         A0mreV9IOF68fihVtB9m67vAE7uJbSfi73xxxKFnZv7jO1owPQEKT3yszKrZWsSBkw
         1/gJJcuJNndyGRRLwtpQ5mVVSVZ6M6EddjOl2CF6S3+3WWXutNxsYzWJOqYPpEi3yG
         XJkH6wkft6EOtfyYZP6VFdP4+sOSL2oApCfjPC5BsXAV/gGyXN7gZFPMqP6468h9R8
         M8EItT4mbi1Vw==
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
Date:   Thu, 14 Sep 2023 18:33:51 +0300
Message-Id: <CVIR0BGHX3VS.39FY5QL8KXR0F@suppilovahvero>
Cc:     "Jan Hendrik Farr" <kernel@jfarr.cc>,
        <linux-kernel@vger.kernel.org>, <kexec@lists.infradead.org>,
        <x86@kernel.org>, <tglx@linutronix.de>, <dhowells@redhat.com>,
        <vgoyal@redhat.com>, <keyrings@vger.kernel.org>,
        <akpm@linux-foundation.org>, <bhe@redhat.com>,
        <bhelgaas@google.com>, <bluca@debian.org>
Subject: Re: [PATCH v2 0/2] x86/kexec: UKI Support
From:   "Jarkko Sakkinen" <jarkko@kernel.org>
To:     "Jarkko Sakkinen" <jarkko@kernel.org>,
        "Lennart Poettering" <mzxreary@0pointer.de>,
        "Philipp Rudo" <prudo@redhat.com>
X-Mailer: aerc 0.14.0
References: <20230911052535.335770-1-kernel@jfarr.cc>
 <20230913160045.40d377f9@rotkaeppchen> <ZQLTJFb3S/xn5CWo@gardel-login>
 <CVIN0M3IHRKL.3U005Y5QTOJL5@suppilovahvero>
In-Reply-To: <CVIN0M3IHRKL.3U005Y5QTOJL5@suppilovahvero>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 14 Sep 2023 08:34:03 -0700 (PDT)
X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email

On Thu Sep 14, 2023 at 3:26 PM EEST, Jarkko Sakkinen wrote:
> On Thu Sep 14, 2023 at 12:32 PM EEST, Lennart Poettering wrote:
> > On Mi, 13.09.23 16:00, Philipp Rudo (prudo@redhat.com) wrote:
> >
> > > For example there are two definitions for the UKI which contradict ea=
ch other.
> > > The dedicated one [1] you have cited earlier and the one in the BLS f=
or type #2
> > > entries [2]. In [1] the .linux and .initrd sections are mandatory and=
 the
> > > .osrel and .cmdline sections are optional while in [2] it is the othe=
r way
> > > round. Which definition should the kernel follow?
> > >
> > > Furthermore, I absolutely don't understand how the spec should be rea=
d. All
> > > the spec does is defining some file formats. There is no word about w=
hich
> > > component in the boot chain is supposed to handle them and what exact=
ly this
> > > component is supposed to do with it. But that is crucial if we want t=
o add UKI
> > > support for kexec as the kexec systemcall will replace the stub. So w=
e need to
> > > know what tasks the stub is supposed to perform. Currently this is on=
ly some
> > > implementation detail of the systemd-stub [3] that can change any mom=
ent and I
> > > strongly oppose to base any uapi on it.
> > >
> > > In the end the only benefit this series brings is to extend the signa=
ture
> > > checking on the whole UKI except of just the kernel image. Everything=
 else can
> > > also be done in user space. Compared to the problems described above =
this is a
> > > very small gain for me.
> > >
> > > Until the spec got fixed I don't see a chance to add UKI support for =
kexec.
> >
> > So that spec is initially just a generalization of what
> > systemd-stub/systemd-boot/ukify does. The descrepancies between the
> > cited specs mostly come from the that generalization. If you want to
> > enumerate kernels and order them the ".osrel" stuff for example is
> > necessary, hence the boot loader spec really wants it. If you don't
> > care about the boot loader spec though and just want to register the
> > kernel UKI PE directly in BootXXX efi vars for example, then there's
> > no need to include .osrel. That all said we should certainly make the
> > two specs align better, and clarify the situation. Suggestions/patches
> > more than welcome.
> >
> > Ultimately, I think a spec written as description with a single
> > implementation in mind (i.e. systemd) is a generally a bad spec. Hence
> > if kexec in the Linux kernel wants to add support for it, that'd be
> > great but I'd see that as an opportunity to adjust the spec to the
> > needs of the Linux kernel in this area, so that it reflects well more
> > than just one backend implementation.
> >
> > Hence, seeing the spec as set in stone and as inherently low quality
> > is the wrong way to see it I am sure. Instead, the goal here is to
> > adjust the spec to make it work really nicely for *both* systemd and
> > the kernel.
>
> Bringing better backing story [1] would also help the spec. Immeditaly
> when there's some reflection surface, also the possible faults it the
> spec become more apparent. Also this makes spec refinement less boring,
> which can be boring and tedious if you write it isolated by yourself or
> in a small group :-)
>
> I need to check if I could with some effort extend my current testing
> environment for UKI [2]. Need to study this better at some point.
>
> > Lennart
> >
> > --
> > Lennart Poettering, Berlin
>
> [1] https://social.kernel.org/notice/AZklKOsIYBZXDL9Bya
> [2] https://github.com/jarkkojs/buildroot-tpmdd/compare/master...linux-6.=
5.y
>
> BR, JKarkko

I need to revisit one some months olds patch set from Matthew Garrett.
It was about encrypted hibernate.

I don't recall exactly what was the problem with PCR sealing but want
to check. This is not hunch that this would affect the current patch
set in review. Just want to revisit to remember why it did not go
through in the end.

BTW, would not be a bad idea to extend CC list to at least Matthew and
James Bottomley on this patch.

BR, Jarkko