From: Gary Lin <glin@suse.com>
To: hpa@zytor.com
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	x86@kernel.org, linux-kernel@vger.kernel.org,
	linux-efi@vger.kernel.org,
	Masahiro Yamada <yamada.masahiro@socionext.com>,
	Michal Marek <mmarek@suse.com>,
	Matt Fleming <matt@codeblueprint.co.uk>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Joey Lee <jlee@suse.com>, Vojtech Pavlik <vojtech@suse.cz>
Subject: Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
Date: Fri, 14 Apr 2017 11:51:19 +0800
Message-ID: <20170414035119.v2kjxcsuauj3bdj2@GaryWorkstation>
In-Reply-To: <8E544119-66B8-4482-BBE9-68B6C7A3AAE9@zytor.com>

On Thu, Apr 13, 2017 at 03:21:20PM -0700, hpa@zytor.com wrote:
> On April 11, 2017 3:20:41 AM PDT, Gary Lin <glin@suse.com> wrote:
> >This commit adds the new config options to allow the user to modify the
> >following fields in the PE-COFF header.
> >
> >UINT16 MajorOperatingSystemVersion
> >UINT16 MinorOperatingSystemVersion
> >UINT16 MajorImageVersion
> >UINT16 MinorImageVersion
> >
> >Those fields are mainly for the executables or libraries in Windows NT
> >or higher to specify the minimum supported Windows version and the
> >version of the image itself.
> >
> >Given the fact that those fields are ignored in UEFI, we can safely
> >reuse those fields for other purposes, e.g. Security Version(*).
> >
> >(*) https://github.com/lcp/shim/wiki/Security-Version
> >
> >Cc: Thomas Gleixner <tglx@linutronix.de>
> >Cc: Ingo Molnar <mingo@redhat.com>
> >Cc: "H. Peter Anvin" <hpa@zytor.com>
> >Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
> >Cc: Michal Marek <mmarek@suse.com>
> >Cc: Matt Fleming <matt@codeblueprint.co.uk>
> >Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >Cc: Joey Lee <jlee@suse.com>
> >Cc: Vojtech Pavlik <vojtech@suse.cz>
> >Signed-off-by: Gary Lin <glin@suse.com>
> >Tested-by: Joey Lee <jlee@suse.com>
> >---
[snip]
> 
> Reusing PECOFF fields seems doubleplusunsafe: we don't own those fields, the UEFI forum does.  It would make a lot more sense to add these fields to the bzImage header directly or indirectly (via a pointer), the latter would be more economical since the bzImage header size is bounded.
> 
> We could even define it as a pointer to a "security information header" with its own size field, so it can be grown in the future as needed.
Reusing PE-COFF simplifies the implementation since shim can parse the
header directly. I can raise the issue to the UEFI forum to clarify the
usage of those fields.

Meanwhile, I'll also look into the bzImage header in case the PE-COFF
header is really a NO-GO.

Thanks,

Gary Lin
