Message-Id: <0e1984af-88ca-4908-a5ca-3191d96aa63f@app.fastmail.com>
In-Reply-To: <20230914205149.51031bc9@rotkaeppchen>
References: <20230911052535.335770-1-kernel@jfarr.cc> <20230913160045.40d377f9@rotkaeppchen> <20230914205149.51031bc9@rotkaeppchen>
Date: Thu, 14 Sep 2023 23:04:32 +0200
From: "Jan Hendrik Farr"
To: "Philipp Rudo", "Lennart Poettering"
Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org, x86@kernel.org, tglx@linutronix.de, dhowells@redhat.com, vgoyal@redhat.com, keyrings@vger.kernel.org, akpm@linux-foundation.org, "Baoquan He", bhelgaas@google.com, "Luca Boccassi"
Subject: Re: [PATCH v2 0/2] x86/kexec: UKI Support

On Thu, Sep 14, 2023, at 8:51 PM, Philipp Rudo wrote:
> [...]
>
> In this context I hope it is also clear to you that when more and more
> people rely on the spec you need a more formal process when including
> changes. Especially when the change might break the implementation of
> others. So no more making the .cmdline optional and allowing it to be
> overwritten all on the same day.
>
> Having that said, what does "local override" exactly mean? Does that
> mean a distro can allow a user to freely choose the cmdline without
> checking any signatures?

The behavior of systemd-stub is to allow the bootloader (or whatever called sd-stub) supplied cmdline when there is no .cmdline section in the UKI. That's how I understand "local override" here.

For WIP v3 of this patch the behavior is to use the cmdline supplied by userspace to the kexec_file_load syscall if no .cmdline section is in the UKI.

  empty .cmdline section -> empty cmdline always passed to kernel
  .cmdline section -> use bootloader/user supplied cmdline (which would be empty by default)

This setup does not make sense for a locked down / secure system though.

Maybe the word "override" is not ideal. There is nothing actually being overridden as there is no cmdline in the UKI in the first place.

sd-stub also allows the bootloader supplied cmdline if not using secure boot. So maybe the kernel could allow user supplied cmdline if not in lockdown mode for kexec maybe? If not in lockdown mode somebody can just kexec an unsigned kernel + unsigned cmdline using the kexec_load syscall anyways. For this case the word "override" makes sense.

The logic for all of this in sd-stub is in [1].

> I.e. does that mean we can get rid of this
> https://github.com/systemd/systemd/issues/24539

This is a different use case IMO.

>> Hence, seeing the spec as set in stone and as inherently low quality
>> is the wrong way to see it I am sure. Instead, the goal here is to
>> adjust the spec to make it work really nicely for *both* systemd and
>> the kernel.
>
> Sorry, I never wanted to intend that the spec is inherently low quality.
> Just that it doesn't meet my expectations, yet. But that is fine. The
> spec isn't even a year old and there's only a single implementation,
> yet. So it's more documentation rather than a spec.

Let's make it happen.

[1] https://github.com/systemd/systemd/blob/5898cef22a35ceefa068d5f46929eced2baab0ed/src/boot/efi/stub.c#L140