From: Ross Lagerwall
Date: Thu, 14 Mar 2024 09:30:54 +0000
Subject: Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type
To: Jan Beulich
Cc: xen-devel@lists.xenproject.org, Andrew Cooper, Daniel Kiper, grub-devel@gnu.org

On Thu, Mar 14, 2024 at 7:24 AM Jan Beulich wrote:
>
> On 13.03.2024 16:07, Ross Lagerwall wrote:
> > In addition to the existing address and ELF load types, specify a new
> > optional PE binary load type. This new type is a useful addition since
> > PE binaries can be signed and verified (i.e. used with Secure Boot).
>
> And the consideration to have ELF signable (by whatever extension to
> the ELF spec) went nowhere?
>

I'm not sure if you're referring to some ongoing work to create signable
ELFs that I'm not aware of.

I didn't choose that route because:

* Signed PE binaries are the current standard for Secure Boot.

* Having signed ELF binaries would mean that code to handle them needs
to be added to Shim which contravenes its goals of being small and
simple to verify.

* I could be wrong on this but to my knowledge, the ELF format is not
being actively updated nor is the standard owned/maintained by a
specific group which makes updating it difficult.

* Tools would need to be updated/developed to add support for signing
ELF binaries and inspecting the signatures.

I am open to suggestions of course but I'm not sure what benefits there
would be to going the ELF route.

Ross