From: Matthew Garrett <mjg59@google.com>
To: Daniel Kiper <daniel.kiper@oracle.com>
Cc: The development of GNU GRUB <grub-devel@gnu.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
trenchboot-devel@googlegroups.com,
"the arch/x86 maintainers" <x86@kernel.org>,
alexander.burmashev@oracle.com,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
"Daniel P. Smith" <dpsmith@apertussolutions.com>,
eric.snowberg@oracle.com,
Javier Martinez Canillas <javierm@redhat.com>,
kanth.ghatraju@oracle.com, konrad.wilk@oracle.com,
krystian.hebel@3mdeb.com, lukasz.hawrylko@linux.intel.com,
michal.zygowski@3mdeb.com,
"Vladimir 'phcoder' Serbinenko" <phcoder@gmail.com>,
pirot.krol@3mdeb.com, Peter Jones <pjones@redhat.com>,
Ross Philipson <ross.philipson@oracle.com>
Subject: Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel
Date: Wed, 6 May 2020 11:36:49 -0700 [thread overview]
Message-ID: <CACdnJuvsx_sRG=TAQzcgF6E+xdpcR_e0QURH6AnBSwJxVbOE1A@mail.gmail.com> (raw)
In-Reply-To: <20200506133306.xrzplgdt4cckgrqc@tomti.i.net-space.pl>
On Wed, May 6, 2020 at 6:33 AM Daniel Kiper <daniel.kiper@oracle.com> wrote:
>
> On Tue, May 05, 2020 at 10:29:05AM -0700, Matthew Garrett wrote:
> > On Mon, May 4, 2020 at 4:25 PM Daniel Kiper <daniel.kiper@oracle.com> wrote:
> > >
> > > Otherwise the kernel does not know its state and cannot enable various
> > > security features depending on UEFI Secure Boot.
> >
> > I think this needs more context. If the kernel is loaded via the EFI
> > boot stub, the kernel is aware of the UEFI secure boot state. Why
> > duplicate this functionality in order to avoid the EFI stub?
>
> It seems to me that this issue was discussed here [1] and here [2].
> So, if you want me to improve the commit message I am OK with that.
Yes, I think just providing an explanation for why it's currently
necessary for you to duplicate this is reasonable.
next prev parent reply other threads:[~2020-05-06 18:37 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-04 23:21 [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 01/18] i386/msr: Merge rdmsr.h and wrmsr.h into msr.h Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 02/18] i386/msr: Rename grub_msr_read() and grub_msr_write() Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 03/18] i386/msr: Extract and improve MSR support detection code Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 04/18] i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 05/18] i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 06/18] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest() Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 07/18] i386/tpm: Rename tpm module to tpm_verifier Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 08/18] i386/tpm: Add TPM TIS and CRB driver Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 09/18] efi: Make shim_lock GUID and protocol type public Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 10/18] efi: Return grub_efi_status_t from grub_efi_get_variable() Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 11/18] efi: Add a function to read EFI variables with attributes Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel Daniel Kiper
2020-05-05 17:29 ` Matthew Garrett
2020-05-06 13:33 ` Daniel Kiper
2020-05-06 18:36 ` Matthew Garrett [this message]
2020-05-07 10:46 ` Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 13/18] i386/slaunch: Add basic platform support for secure launch Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 14/18] i386/txt: Add Intel TXT definitions header file Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 15/18] i386/txt: Add Intel TXT core implementation Daniel Kiper
2020-05-22 13:24 ` Krystian Hebel
2020-06-01 14:16 ` Ross Philipson
2020-05-04 23:21 ` [GRUB PATCH RFC 16/18] i386/txt: Add Intel TXT ACM module support Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 17/18] i386/txt: Add Intel TXT verification routines Daniel Kiper
2020-05-04 23:21 ` [GRUB PATCH RFC 18/18] i386/slaunch: Add secure launch framework and commands Daniel Kiper
2020-05-05 14:38 ` [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher Lukasz Hawrylko
2020-05-07 11:06 ` Daniel Kiper
2020-05-13 13:47 ` Lukasz Hawrylko
2020-06-01 15:32 ` Daniel P. Smith
2020-06-01 16:51 ` Andy Lutomirski
2020-06-01 17:56 ` Daniel P. Smith
2020-06-01 18:03 ` Ross Philipson
2020-06-01 19:39 ` Andy Lutomirski
2020-06-02 0:13 ` Daniel P. Smith
2020-06-02 0:49 ` Andy Lutomirski
2020-06-02 1:29 ` Daniel P. Smith
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACdnJuvsx_sRG=TAQzcgF6E+xdpcR_e0QURH6AnBSwJxVbOE1A@mail.gmail.com' \
--to=mjg59@google.com \
--cc=alexander.burmashev@oracle.com \
--cc=andrew.cooper3@citrix.com \
--cc=ard.biesheuvel@linaro.org \
--cc=daniel.kiper@oracle.com \
--cc=dpsmith@apertussolutions.com \
--cc=eric.snowberg@oracle.com \
--cc=grub-devel@gnu.org \
--cc=javierm@redhat.com \
--cc=kanth.ghatraju@oracle.com \
--cc=konrad.wilk@oracle.com \
--cc=krystian.hebel@3mdeb.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lukasz.hawrylko@linux.intel.com \
--cc=michal.zygowski@3mdeb.com \
--cc=phcoder@gmail.com \
--cc=pirot.krol@3mdeb.com \
--cc=pjones@redhat.com \
--cc=ross.philipson@oracle.com \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.