Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp4299288rdb; Thu, 14 Sep 2023 19:34:26 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEAuw6oFSwEaNZbgxIq1MRJSceYwsEhcPJQIRDU+rVGwvWrmzyGF0l+LliejR8A0BDDHu/b X-Received: by 2002:a05:6a00:1f97:b0:68f:cbd3:5b01 with SMTP id bg23-20020a056a001f9700b0068fcbd35b01mr3889342pfb.13.1694745266349; Thu, 14 Sep 2023 19:34:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694745266; cv=none; d=google.com; s=arc-20160816; b=syQbT/Q03uev4iRYTVLcB0lRD5Zc4JGweS+KoEoexYD0r0M0dS/FQZCsFs5qWnqvJl 0Ty8lXjsAYBnNmUObbLbvpnSiTwM3o43PU1q9v3aanubBdkCDjsrx7xrrQeF4qS62/WC 0AZiHMrg9Z+PM5U0rrib/4AoKPKNszbZJIHuiyAPul4zmRQT5eM4ZkkU1/DngiZYncxG 3whHC9TZC/0etTD3CgdUF9ZfGAoLTH5MzmeOkdYUQ3vFBDkxa5dQojwBmvV8EoXkMfMt xd9Klv+MB5UyhlOSJPTUHfkONIROqYRZ9z03kc7QajxtZ1Yqa3fMjOYLWWdkkLC6Nnev LvHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature; bh=G30aDEjWsGwHEBcRnJQg8/XZtFrP1rxiHjsXrhoF9jc=; fh=0dXJlwbt4Xw+bcyBvCkxkIIkyDr2EZLwA0aze0IvsaQ=; b=reGED0OeTj8NkS5iZQr2VNdKO4l/ydfswHGXd1yVAr5CsR0VvVCvPBHXS6QVnCy7wL BkjXB8StWmoRt1N+tyFOPhQv0/hScdfy45gxvQh3iL3+88p8/GDGqlEsKyeVDIxXHqQ1 6SP4wn4IeWwBSF8jPGGevJ1su/pjBqILp/Gv9LngV0LiovD/qAoDFz9bavVmjHJi3tiA 1NTydWSKTmKyU6rE4udalM/LD61cVPQJxxWah6sZ4kcG2IKqeB7ytlhzzIr05LPz9c5b ErrrzsqhIO22KkAqbNyB5j5sZyt20aFhVnAHviKY/uCLqMWdkXexYuSAi/PAbARjswE4 tUkA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="EJ+nqp/c"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id x7-20020a056a000bc700b0068e45c9c986si2412599pfu.136.2023.09.14.19.34.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 19:34:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="EJ+nqp/c"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id F3E99803417D; Thu, 14 Sep 2023 12:10:50 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240880AbjINTKt (ORCPT + 99 others); Thu, 14 Sep 2023 15:10:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56784 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237837AbjINTKs (ORCPT ); Thu, 14 Sep 2023 15:10:48 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 938101FD5 for ; Thu, 14 Sep 2023 12:10:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1694718601; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=G30aDEjWsGwHEBcRnJQg8/XZtFrP1rxiHjsXrhoF9jc=; b=EJ+nqp/cSzcvyUu6SmbIlkjkLsudcvnOUHBWcwCDu+Fo6FXmUGiUg/Fl8CoIAaTH4/fP5a FAQHmjjC1vMDanRqC9M5RwswJR12Re78J+ninrX0bwaUskboCwhtJTeIkvT3wvMEfv5tiM NL9751o9Wcl2DxWo9ZxOWkdpHnbbQxM= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-7-5-Yls00iPaSiIW2Kk2t_Kw-1; Thu, 14 Sep 2023 15:09:55 -0400 X-MC-Unique: 5-Yls00iPaSiIW2Kk2t_Kw-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 84833185A79B; Thu, 14 Sep 2023 19:09:54 +0000 (UTC) Received: from rotkaeppchen (unknown [10.39.194.190]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5E22421B2413; Thu, 14 Sep 2023 19:09:51 +0000 (UTC) Date: Thu, 14 Sep 2023 21:09:46 +0200 From: Philipp Rudo To: "Jan Hendrik Farr" Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org, x86@kernel.org, tglx@linutronix.de, dhowells@redhat.com, vgoyal@redhat.com, keyrings@vger.kernel.org, akpm@linux-foundation.org, "Baoquan He" , bhelgaas@google.com, "Luca Boccassi" , lennart@poettering.net Subject: Re: [PATCH v2 0/2] x86/kexec: UKI Support Message-ID: <20230914210946.25730571@rotkaeppchen> In-Reply-To: <63952cb0-5217-42a8-9b62-8be6d03f5844@app.fastmail.com> References: <20230911052535.335770-1-kernel@jfarr.cc> <20230913160045.40d377f9@rotkaeppchen> <63952cb0-5217-42a8-9b62-8be6d03f5844@app.fastmail.com> Organization: Red Hat inc. MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 14 Sep 2023 12:10:51 -0700 (PDT) X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Hi Jan, On Wed, 13 Sep 2023 16:42:33 +0200 "Jan Hendrik Farr" wrote: > On Wed, Sep 13, 2023, at 4:00 PM, Philipp Rudo wrote: [...] > In [5] Luca writes: > > [...] we fully intend for the UKI format to be an open and stable > > specification, that anybody can support and rely on. > But that is unfortunately not where the format is at this point. > > What is annoying though is where this leaves a user that actually > wants this feature. They can carry a patch or they might have to wait > a long time. > > Can you indicate what it would take for the kernel community to consider > this spec as stable enough? I don't think there is a good answer to that question. In fact I believe if you ask 10 people from the community you will get 20+ different answers. My guess is that either (1) the spec is moved to some official standard committee where people spend decades to polish it before it makes it into the kernel or (2) there's a big flamewar on LKML until Linus had enough and passes his judgment on it. So definitely (2) ;-) Thanks Philipp > > > > In the end the only benefit this series brings is to extend the > > signature checking on the whole UKI except of just the kernel image. > > Everything else can also be done in user space. Compared to the > > problems described above this is a very small gain for me. > > Correct. That is the benefit of pulling the UKI apart in the > kernel. However having to sign the kernel inside the UKI defeats > the whole point. > > > [1] https://uapi-group.org/specifications/specs/unified_kernel_image/ > [2] https://github.com/uapi-group/specifications/pull/72 > [3] https://github.com/uapi-group/specifications/pull/73 > [4] https://github.com/uapi-group/specifications/issues/74 > [5] https://github.com/systemd/systemd/issues/28538 >