References: <20230911052535.335770-1-kernel@jfarr.cc> <20230913160045.40d377f9@rotkaeppchen> <63952cb0-5217-42a8-9b62-8be6d03f5844@app.fastmail.com>
In-Reply-To: <63952cb0-5217-42a8-9b62-8be6d03f5844@app.fastmail.com>
From: Dave Young
Date: Wed, 20 Sep 2023 15:43:27 +0800
Subject: Re: [PATCH v2 0/2] x86/kexec: UKI Support
To: Jan Hendrik Farr
Cc: Philipp Rudo, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, x86@kernel.org, tglx@linutronix.de, dhowells@redhat.com, vgoyal@redhat.com, keyrings@vger.kernel.org, akpm@linux-foundation.org, Baoquan He, bhelgaas@google.com, Luca Boccassi, lennart@poettering.net, "Liu, Pingfan", Ard Biesheuvel

> > In the end the only benefit this series brings is to extend the
> > signature checking on the whole UKI except of just the kernel image.
> > Everything else can also be done in user space. Compared to the
> > problems described above this is a very small gain for me.
>
> Correct. That is the benefit of pulling the UKI apart in the
> kernel. However having to sign the kernel inside the UKI defeats
> the whole point.

Pingfan added the zboot load support in kexec-tools, I know that he is
trying to sign the zboot image and the inside kernel twice. So
probably there are some common areas which can be discussed. Added Ard
and Pingfan in cc.

http://lists.infradead.org/pipermail/kexec/2023-August/027674.html

Thanks
Dave