Received: by 2002:a05:7412:251c:b0:e2:908c:2ebd with SMTP id w28csp1376971rda; Mon, 23 Oct 2023 10:36:02 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEol5bFx3+Lsk24qBi4yc57iAJCIsL3RaGRokE1k5eOpu/f91zxspZTNBsZYtdBcaQIGiFC X-Received: by 2002:a05:6a20:da93:b0:17a:cfce:5a38 with SMTP id iy19-20020a056a20da9300b0017acfce5a38mr373384pzb.48.1698082561646; Mon, 23 Oct 2023 10:36:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698082561; cv=none; d=google.com; s=arc-20160816; b=bcuQ0eO1ZANlhEZW+ZV+fzlpNnW/LlBeCKt1v30zm4WWQfBTsQXEH3J94pZwqZaoyI ur7rjulp+HvC1sm/oY2I0jIs6OE6fYZKXBsepGLX0VqfEJN7tXcmW6WZcQb4qN93xz/U yDE3ON8wbk1RRyD5zKQBznjv9xfZbpvdajxwOST4uvIvYcIk0ap5pREO5h+973K3hc5C nHU8nGCShHunrMAnDdQffhEP7KTQJ2Gh1baYO46ZlNc/NuTLKixIyR39lWZWBDOdX3vb WAYb8naZ1SWSzMfa1Kvjl8uo6+b8XuKGu8+KFVcMJunLo8QI6hF5WkfbWHQO47yX73GN uJWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id :dkim-signature:dkim-signature; bh=geyH5WqMlThfcHZLlfgq+oFzVP2Hwr+FGtkBpCnynnU=; fh=Ks6uqCWcvLHCBPe032MNfWLdR2+dJcgPVuh8uW4J1jI=; b=Jy1vPHxkVJWTQWF6Zdhsh+LqPLecYPAvhocoijEdCRPQLdmLF4Gg7aMPnPCmEPXjJ5 1pDxtixS28djine8tXcTnyc810YXc2p9+c4WphMb1HRA0l4RlT+toDkgiou8xoEyKHyk cG5YVtM0y8xkJfxS3S0/awFkJMoLDvtQY8+kXbdlAphQZfNj/rXhaE0ZBm2SkhDgSxKR mJwWifSSFmIp9V9cNXsz+0NcDAN1GtVTihAnRRskatlNSHUKTSmF0bRg12ex3XbH55nx YzUWuquDwNpEIq/vrDVIRiN4vijzmH2ErsoZGEYT1lqXgqffGaJPf3KWVM6qvXUgThIo Kv+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@jfarr.cc header.s=fm2 header.b=i2EEOUod; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=CtQFK5ne; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=jfarr.cc Return-Path: Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id d14-20020a056a00198e00b006933e8fec67si7016268pfl.227.2023.10.23.10.36.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Oct 2023 10:36:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@jfarr.cc header.s=fm2 header.b=i2EEOUod; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=CtQFK5ne; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=jfarr.cc Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 4817E805001F; Mon, 23 Oct 2023 10:35:58 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233707AbjJWRfr (ORCPT + 99 others); Mon, 23 Oct 2023 13:35:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55632 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230316AbjJWRfq (ORCPT ); Mon, 23 Oct 2023 13:35:46 -0400 Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A5B89A3; Mon, 23 Oct 2023 10:35:43 -0700 (PDT) Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailout.nyi.internal (Postfix) with ESMTP id DC6155C0371; Mon, 23 Oct 2023 13:35:39 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Mon, 23 Oct 2023 13:35:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jfarr.cc; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1698082539; x=1698168939; bh=ge yH5WqMlThfcHZLlfgq+oFzVP2Hwr+FGtkBpCnynnU=; b=i2EEOUodXYKQcARsKD 7JKLLYx5t4i7TiomDbTxcdq2SqBLW6eQtOpjuHRXAzGKRZgqytbtILamKxt/CctI d8J4eQWvmyD8muBNDC9RI120m+jGD/8mGSrwPUXnOKAzjw2rgWMAQ53XV00iXzt3 D9MAhFh3wCmdi2NfQmi0QgiLf1mfQN0forvMG1JVHuaqlUusKkxqSh+2mDHgfFnb YQOKz9lu3ZcL663e6zdUK0+2CXqUDc5KpSt3pVZ2skjrZ+yEhg6b1L10zPkLAxif tYhGMtEYg/QB54le5SlKu2FyGF2Q+SIpIPt+lETtvHrsErCwQOtl8+GhoTXGujlh 9R0Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1698082539; x=1698168939; bh=geyH5WqMlThfc HZLlfgq+oFzVP2Hwr+FGtkBpCnynnU=; b=CtQFK5neqSQQTTlmZ8BnPAPOmuwJ5 v1UHMG7jGV3tjDPduIJKUFFtDKeKev6AEAxu5D8PG6Dia6w1VGqdgm3VKSBRbC28 VEBRnv2o4zee1OWV/hBOyt8ciWGVmIdejRsctI8qbj7T3yK23dAAFsHFoPnn1UPS McTlV6zc5JGxPHyzmNr3Ei+A6WrYafFDGIatmoNTi9Krl2RA80GDAHwTSA19uy0B UKf+4VnThg12lJy9twtaw6eFy1N65gvtu2jcTixemaTOSUHMFVcmTn+ZXMkXL2B7 msO8MoMtGge/3S4gzyc86E7tvbmmBngdTab7VcdGqxAOkP/HByRpgEk+g== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrkeeigdduuddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne gfrhhlucfvnfffucdludehmdenucfjughrpeffhffvvefukfhfgggtuggjsehttdertddt tddvnecuhfhrohhmpeflrghnucfjvghnughrihhkucfhrghrrhcuoehkvghrnhgvlhesjh hfrghrrhdrtggtqeenucggtffrrghtthgvrhhnpedukeegffdtfeeihfehteevvdeiueet teelgfefvdfhleeufeegieduieduhfekieenucevlhhushhtvghrufhiiigvpedtnecurf grrhgrmhepmhgrihhlfhhrohhmpehkvghrnhgvlhesjhhfrghrrhdrtggt X-ME-Proxy: Feedback-ID: i01d149f8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 23 Oct 2023 13:35:36 -0400 (EDT) Date: Mon, 23 Oct 2023 19:35:34 +0200 From: Jan Hendrik Farr To: Ard Biesheuvel Cc: Ard Biesheuvel , linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" Subject: Re: [PATCH v2 00/15] x86/boot: Rework PE header generation Message-ID: References: <20230912090051.4014114-17-ardb@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Mon, 23 Oct 2023 10:35:58 -0700 (PDT) On 23 13:22:53, Ard Biesheuvel wrote: > On Tue, 3 Oct 2023 at 04:03, Jan Hendrik Farr wrote: > > > > On 12 09:00:51, Ard Biesheuvel wrote: > > > From: Ard Biesheuvel > > > > > > Now that the EFI stub boot flow no longer relies on memory that is > > > executable and writable at the same time, we can reorganize the PE/COFF > > > view of the kernel image and expose the decompressor binary's code and > > > r/o data as a .text section and data/bss as a .data section, using 4k > > > alignment and limited permissions. > > > > > > Doing so is necessary for compatibility with hardening measures that are > > > being rolled out on x86 PCs built to run Windows (i.e., the majority of > > > them). The EFI boot environment that the Linux EFI stub executes in is > > > especially sensitive to safety issues, given that a vulnerability in the > > > loader of one OS can be abused to attack another. > > > > This split is also useful for the work of kexecing the next kernel as an > > EFI application. With the current EFI stub I have to set the memory both > > writable and executable which results in W^X warnings with a default > > config. > > > > What made this more confusing was that the flags of the .text section in > > current EFI stub bzImages are set to > > IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ. So if you load that section > > according to those flags the EFI stub will quickly run into issues. > > > > I assume current firmware on x86 machines does not set any restricted > > permissions on the memory. Can someone enlighten me on their behavior? > > > > No current x86 firmware does not use restricted permissions at all. > All memory is mapped with both writable and executable permissions, > except maybe the stack. > > The x86 Linux kernel has been depending on this behavior too, up until > recently (fixes are in -rc now for the v6.6 release). Before this, it > would copy its own executable image around in memory. > > So EFI based kexec will need to support this behavior if it targets > older x86 kernels, although I am skeptical that this is a useful > design goal. I don't see this as an important goal either. > I have been experimenting with running the EFI stub code in user space > all the way until ExitBootServices(). The same might work for UKI if > it is layered cleanly on top of the EFI APIs (rather than poking into > system registers or page tables under the hood). > > How this would work with signed images etc is TBD but I quite like the > idea of running everything in user space and having a minimal > purgatory (or none at all) if we can simply populate the entire > address space while running unprivileged, and just branch to it in the > kexec() syscall. I imagine this being something like a userspace > helper that is signed/trusted itself, and gets invoked by the kernel > to run EFI images that are trusted and tagged as being executable > unprivileged. I've been experimenting with running EFI apps inside kernel space instead. This is the more natural approach for signed images. Sure, a malicious EFI app could do arbitrary stuff in kernel mode, but they're signed. On the other hand running this entirely in user space would at least guarantee that the system can not crash due to a misbehaving EFI app (at least until ExitBootServices()). The question of whether or not to make this the job of a userspace helper that is signed must have come up when kexec_file_load syscall was added. It would have also been an option at the time to extend trust to a signed version of the userspace kexec tool. Why was kexec_file_load created instead of restricting kexec_load to a signed version of the kexec userspace tool?