From: "Jan Beulich" <jbeulich@suse.com>
To: eric.devolder@oracle.com
Cc: boris.ostrovsky@oracle.com, kexec@lists.infradead.org,
daniel.kiper@oracle.com, xen-devel@lists.xen.org
Subject: Re: [RFC v1 0/8] Prototype for kexec signature verification within Xen
Date: Tue, 29 Jan 2019 04:04:31 -0700 [thread overview]
Message-ID: <5C50333F020000780014B85A__28289.7282320604$1548759936$gmane$org@prv1-mh.provo.novell.com> (raw)
In-Reply-To: <1547495285-28907-1-git-send-email-eric.devolder@oracle.com>
>>> Eric DeVolder <eric.devolder@oracle.com> 01/14/19 8:48 PM >>>
>On April 20, 2018, I posted to xen-devel an RFC inquiring about
>support for signature verification of kexec within Xen:
>
>https://lists.xenproject.org/archives/html/xen-devel/2018-04/msg01655.html
>
>Since then, I've worked towards a solution. For the purposes of
>understanding signature verification, I built a standalone utility to
>parse the xen.mb.efi PECOFF file, hash it contents, and extract its
>digitial certificate and perform the Authenticode signature
>verification. Once this was all working, I integrated the files into
>Xen.
Perhaps I'm just lacking some context, but neither the mail referenced
above nor my looking at the Linux code reveal any connection to PE-COFF.
How's that file format becoming of interest here all of the sudden?
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-01-29 11:04 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-14 19:47 [RFC v1 0/8] Prototype for kexec signature verification within Xen Eric DeVolder
2019-01-14 19:47 ` [RFC v1 1/8] kexec: add kexec_file_load to libxenctrl Eric DeVolder
2019-01-29 10:51 ` Jan Beulich
2019-01-29 10:51 ` [Xen-devel] " Jan Beulich
2019-01-14 19:47 ` Eric DeVolder
2019-01-14 19:47 ` [RFC v1 2/8] kexec: implement kexec_file_load() for PECOFF+Authenticode files Eric DeVolder
2019-01-14 19:47 ` Eric DeVolder
2019-01-14 19:48 ` [RFC v1 3/8] kexec: new file openssl-1.1.0i.patch Eric DeVolder
2019-01-14 19:48 ` Eric DeVolder
2019-01-14 19:48 ` [RFC v1 4/8] kexec: xen/common/Makefile: include building of OpenSSL Eric DeVolder
2019-01-14 19:48 ` Eric DeVolder
2019-01-14 19:48 ` [RFC v1 5/8] kexec: changes to facilitate compiling OpenSSL within Xen Eric DeVolder
2019-01-14 19:48 ` Eric DeVolder
2019-01-14 19:48 ` [RFC v1 6/8] kexec: support files for PECOFF Authenticode signature verification Eric DeVolder
2019-01-14 19:48 ` Eric DeVolder
2019-01-14 19:48 ` [RFC v1 7/8] kexec: Xen compatible makefile for OpenSSL Eric DeVolder
2019-01-14 19:48 ` Eric DeVolder
2019-01-14 19:48 ` [RFC v1 8/8] kexec: include OpenSSL build in xen.spec Eric DeVolder
2019-01-14 19:48 ` Eric DeVolder
2019-01-29 11:04 ` [Xen-devel] [RFC v1 0/8] Prototype for kexec signature verification within Xen Jan Beulich
2019-01-29 11:04 ` Jan Beulich [this message]
-- strict thread matches above, loose matches on Subject: below --
2019-01-14 19:47 Eric DeVolder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='5C50333F020000780014B85A__28289.7282320604$1548759936$gmane$org@prv1-mh.provo.novell.com' \
--to=jbeulich@suse.com \
--cc=boris.ostrovsky@oracle.com \
--cc=daniel.kiper@oracle.com \
--cc=eric.devolder@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.