All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ard Biesheuvel <ardb@kernel.org>
To: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Daniel Kiper <daniel.kiper@oracle.com>,
	Alec Brown <alec.r.brown@oracle.com>,
	Kanth Ghatraju <kanth.ghatraju@oracle.com>,
	Ross Philipson <ross.philipson@oracle.com>,
	"dpsmith@apertussolutions.com" <dpsmith@apertussolutions.com>,
	"piotr.krol@3mdeb.com" <piotr.krol@3mdeb.com>,
	"krystian.hebel@3mdeb.com" <krystian.hebel@3mdeb.com>,
	"persaur@gmail.com" <persaur@gmail.com>,
	"Yoder, Stuart" <stuart.yoder@arm.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	"michal.zygowski@3mdeb.com" <michal.zygowski@3mdeb.com>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	"lukasz@hawrylko.pl" <lukasz@hawrylko.pl>,
	linux-efi <linux-efi@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	The development of GNU GRUB <grub-devel@gnu.org>,
	Kees Cook <keescook@chromium.org>
Subject: Re: Linux DRTM on UEFI platforms
Date: Wed, 30 Mar 2022 09:23:17 +0200	[thread overview]
Message-ID: <CAMj1kXHfw75GphiewQzbA-swsMD3AGunyhc9HSue_xqrHt9GhQ@mail.gmail.com> (raw)
In-Reply-To: <20220330071859.GA992@srcf.ucam.org>

On Wed, 30 Mar 2022 at 09:19, Matthew Garrett <mjg59@srcf.ucam.org> wrote:
>
> On Wed, Mar 30, 2022 at 09:12:19AM +0200, Ard Biesheuvel wrote:
> > On Wed, 30 Mar 2022 at 09:11, Matthew Garrett <mjg59@srcf.ucam.org> wrote:
> > > The EFI stub carries out a bunch of actions that have meaningful
> > > security impact, and that's material that should be measured. Having the
> > > secure launch kernel execute the stub without awareness of what it does
> > > means it would need to measure the code without measuring the state,
> > > while the goal of DRTM solutions is to measure state rather than the
> > > code.
> >
> > But how is that any different from the early kernel code?
>
> From a conceptual perspective we've thought of the EFI stub as being
> logically part of the bootloader rather than the early kernel, and the
> bootloader is a point where the line is drawn. My guy feeling is that
> jumping into the secure kernel environment before EBS has been called is
> likely to end badly.

If you jump back into the system firmware, sure.

But the point I was trying to make is that you can replace that with
your own minimal implementation of EFI that just exposes a memory map
and some protocols and nothing else, and then the secure launch kernel
would be entirely in charge of the execution environment.

In fact, I have been experimenting with running the EFI stub
unprivileged on arm64, which would give the secure launch kernel very
tight control over what goes on between the stub entry and
ExitBootServices(). I would be happy to entertain patches that remove
any issues that complicate running the stub unprivileged for x86 or
other architectures.

  reply	other threads:[~2022-03-30  7:24 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-29 17:40 Linux DRTM on UEFI platforms Matthew Garrett
2022-03-30  7:02 ` Ard Biesheuvel
2022-03-30  7:11   ` Matthew Garrett
2022-03-30  7:12     ` Ard Biesheuvel
2022-03-30  7:18       ` Matthew Garrett
2022-03-30  7:23         ` Ard Biesheuvel [this message]
2022-03-30  7:27           ` Matthew Garrett
2022-03-30  7:39             ` Ard Biesheuvel
2022-03-30 12:46               ` James Bottomley
2022-03-31  0:35   ` Daniel P. Smith
2022-03-31  7:13     ` Ard Biesheuvel
2022-03-31 10:59       ` Heinrich Schuchardt
2022-05-19 20:57       ` Daniel P. Smith
2022-05-19 20:57 ` Daniel P. Smith
2022-06-10 16:40   ` Ard Biesheuvel
2022-07-05 18:35     ` Daniel P. Smith
2022-07-06  0:03       ` Brendan Trotter
2022-07-06  0:12         ` Matthew Garrett
2022-07-07  9:46         ` Daniel P. Smith
2022-07-08  3:36           ` Brendan Trotter
2022-07-08  4:56             ` Matthew Garrett
2022-07-22 17:23             ` Daniel P. Smith
2022-07-23  5:15               ` Brendan Trotter
2022-08-09 10:53                 ` Daniel P. Smith
2022-08-10  9:07                   ` Brendan Trotter
2022-08-10 17:46                     ` Matthew Garrett
2022-08-11  9:55                       ` Brendan Trotter
2022-08-11 11:34                         ` Daniel Kiper
2022-08-11 18:25                         ` Matthew Garrett
2022-08-12  3:22                           ` Brendan Trotter
2022-08-12  5:54                             ` Matthew Garrett
2022-08-05 12:53       ` Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMj1kXHfw75GphiewQzbA-swsMD3AGunyhc9HSue_xqrHt9GhQ@mail.gmail.com \
    --to=ardb@kernel.org \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=alec.r.brown@oracle.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=daniel.kiper@oracle.com \
    --cc=dpsmith@apertussolutions.com \
    --cc=grub-devel@gnu.org \
    --cc=kanth.ghatraju@oracle.com \
    --cc=keescook@chromium.org \
    --cc=krystian.hebel@3mdeb.com \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lukasz@hawrylko.pl \
    --cc=michal.zygowski@3mdeb.com \
    --cc=mjg59@srcf.ucam.org \
    --cc=persaur@gmail.com \
    --cc=piotr.krol@3mdeb.com \
    --cc=ross.philipson@oracle.com \
    --cc=stuart.yoder@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.