* [PATCH] efi: Add SHIM and image security database GUID definitions @ 2016-10-25 17:42 Josh Boyer [not found] ` <20161025174209.29073-1-jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> 0 siblings, 1 reply; 8+ messages in thread From: Josh Boyer @ 2016-10-25 17:42 UTC (permalink / raw) To: Matt Fleming, Ard Biesheuvel; +Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA Add the definitions for shim and image security database, both of which are used widely in various Linux distros. Signed-off-by: Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> --- include/linux/efi.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/efi.h b/include/linux/efi.h index 2d089487d2da..ce943d5accfd 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -592,6 +592,9 @@ void efi_native_runtime_setup(void); #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) +#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) +#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23) + /* * This GUID is used to pass to the kernel proper the struct screen_info * structure that was populated by the stub based on the GOP protocol instance -- 2.9.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
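Review bot: the two new defines after EFI_CONSOLE_OUT_DEVICE_GUID have no user in this patch (the diffstat touches only include/linux/efi.h), so they land as dead definitions. Send them in the same series as the code that references them, or name the intended in-kernel consumer in the commit message. A short comment above the pair saying where each value is specified would also help, since the commit message only says they are "used widely in various Linux distros" and the header gives a reader nothing to check the bytes against.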
* Re: [PATCH] efi: Add SHIM and image security database GUID definitions [not found] ` <20161025174209.29073-1-jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> @ 2016-10-25 17:44 ` Ard Biesheuvel [not found] ` <CAKv+Gu8jkPMG4KGjg+UTeuLOe6m=g3KMKsC=BgwVegyBYnHm0g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 0 siblings, 1 reply; 8+ messages in thread From: Ard Biesheuvel @ 2016-10-25 17:44 UTC (permalink / raw) To: Josh Boyer; +Cc: Matt Fleming, linux-efi-u79uwXL29TY76Z2rM5mHXA Hi Josh, On 25 October 2016 at 18:42, Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> wrote: > Add the definitions for shim and image security database, both of which > are used widely in various Linux distros. > > Signed-off-by: Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> > --- > include/linux/efi.h | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/include/linux/efi.h b/include/linux/efi.h > index 2d089487d2da..ce943d5accfd 100644 > --- a/include/linux/efi.h > +++ b/include/linux/efi.h > @@ -592,6 +592,9 @@ void efi_native_runtime_setup(void); > #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) > #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) > > +#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) > +#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23) > + Given that this patch is not part of the series, could you explain what the point is of having these definitions in the kernel if they are never referenced? ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] efi: Add SHIM and image security database GUID definitions [not found] ` <CAKv+Gu8jkPMG4KGjg+UTeuLOe6m=g3KMKsC=BgwVegyBYnHm0g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> @ 2016-10-25 17:44 ` Ard Biesheuvel 2016-10-25 18:04 ` Josh Boyer 1 sibling, 0 replies; 8+ messages in thread From: Ard Biesheuvel @ 2016-10-25 17:44 UTC (permalink / raw) To: Josh Boyer; +Cc: Matt Fleming, linux-efi-u79uwXL29TY76Z2rM5mHXA On 25 October 2016 at 18:44, Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote: > Hi Josh, > > On 25 October 2016 at 18:42, Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> wrote: >> Add the definitions for shim and image security database, both of which >> are used widely in various Linux distros. >> >> Signed-off-by: Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >> --- >> include/linux/efi.h | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/include/linux/efi.h b/include/linux/efi.h >> index 2d089487d2da..ce943d5accfd 100644 >> --- a/include/linux/efi.h >> +++ b/include/linux/efi.h >> @@ -592,6 +592,9 @@ void efi_native_runtime_setup(void); >> #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) >> #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) >> >> +#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) >> +#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23) >> + > > Given that this patch is not part of the series, could you explain *a* series > what the point is of having these definitions in the kernel if they > are never referenced? ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] efi: Add SHIM and image security database GUID definitions [not found] ` <CAKv+Gu8jkPMG4KGjg+UTeuLOe6m=g3KMKsC=BgwVegyBYnHm0g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2016-10-25 17:44 ` Ard Biesheuvel @ 2016-10-25 18:04 ` Josh Boyer [not found] ` <CA+5PVA53Tf2QVN0j0JFO9_v-hGbsg9HByOGGfLCGsgeGCz5UKA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 1 sibling, 1 reply; 8+ messages in thread From: Josh Boyer @ 2016-10-25 18:04 UTC (permalink / raw) To: Ard Biesheuvel; +Cc: Matt Fleming, linux-efi-u79uwXL29TY76Z2rM5mHXA On Tue, Oct 25, 2016 at 1:44 PM, Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote: > Hi Josh, > > On 25 October 2016 at 18:42, Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> wrote: >> Add the definitions for shim and image security database, both of which >> are used widely in various Linux distros. >> >> Signed-off-by: Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >> --- >> include/linux/efi.h | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/include/linux/efi.h b/include/linux/efi.h >> index 2d089487d2da..ce943d5accfd 100644 >> --- a/include/linux/efi.h >> +++ b/include/linux/efi.h 
>> @@ -592,6 +592,9 @@ void efi_native_runtime_setup(void); >> #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) >> #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) >> >> +#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) >> +#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23) >> + > > Given that this patch is not part of the series, could you explain > what the point is of having these definitions in the kernel if they > are never referenced? Sure. The idea is to make sure a commonly used definition is both accessible and reserved in the kernel. At the moment, most of the major distros are carrying a similar patch and projects like mokutil and xen are defining it themselves. josh ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] efi: Add SHIM and image security database GUID definitions [not found] ` <CA+5PVA53Tf2QVN0j0JFO9_v-hGbsg9HByOGGfLCGsgeGCz5UKA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> @ 2016-10-25 18:15 ` David Daney [not found] ` <580FA136.80006-M3mlKVOIwJVv6pq1l3V1OdBPR1lH4CV8@public.gmane.org> 0 siblings, 1 reply; 8+ messages in thread From: David Daney @ 2016-10-25 18:15 UTC (permalink / raw) To: Josh Boyer; +Cc: Ard Biesheuvel, Matt Fleming, linux-efi-u79uwXL29TY76Z2rM5mHXA On 10/25/2016 11:04 AM, Josh Boyer wrote: > On Tue, Oct 25, 2016 at 1:44 PM, Ard Biesheuvel > <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote: >> Hi Josh, >> >> On 25 October 2016 at 18:42, Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> wrote: >>> Add the definitions for shim and image security database, both of which >>> are used widely in various Linux distros. >>> >>> Signed-off-by: Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >>> --- >>> include/linux/efi.h | 3 +++ >>> 1 file changed, 3 insertions(+) >>> >>> diff --git a/include/linux/efi.h b/include/linux/efi.h >>> index 2d089487d2da..ce943d5accfd 100644 >>> --- a/include/linux/efi.h >>> +++ b/include/linux/efi.h 
>>> @@ -592,6 +592,9 @@ void efi_native_runtime_setup(void); >>> #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) >>> #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) >>> >>> +#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) >>> +#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23) >>> + >> >> Given that this patch is not part of the series, could you explain >> what the point is of having these definitions in the kernel if they >> are never referenced? > > Sure. > > The idea is to make sure a commonly used definition is both accessible > and reserved in the kernel. It is not in a uapi directory, so it cannot be used outside of the kernel. If it is not referenced in the kernel, there is no reason to add it. It is a GUID, you don't have to reserve it. By its very nature it will always exist and be immutable. You can add it at the time that it is actually used without fear that someone else will generate a conflicting definition. > At the moment, most of the major distros > are carrying a similar patch and projects like mokutil and xen are > defining it themselves. > > josh > -- > To unsubscribe from this list: send the line "unsubscribe linux-efi" in > the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] efi: Add SHIM and image security database GUID definitions [not found] ` <580FA136.80006-M3mlKVOIwJVv6pq1l3V1OdBPR1lH4CV8@public.gmane.org> @ 2016-10-25 18:25 ` Josh Boyer [not found] ` <CA+5PVA4-BnZWv2rktX+LrQT-N6jd8bT-FKgvxi8E4xDhNsruRg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 0 siblings, 1 reply; 8+ messages in thread From: Josh Boyer @ 2016-10-25 18:25 UTC (permalink / raw) To: David Daney Cc: Ard Biesheuvel, Matt Fleming, linux-efi-u79uwXL29TY76Z2rM5mHXA On Tue, Oct 25, 2016 at 2:15 PM, David Daney <ddaney-M3mlKVOIwJVv6pq1l3V1OdBPR1lH4CV8@public.gmane.org> wrote: > On 10/25/2016 11:04 AM, Josh Boyer wrote: >> >> On Tue, Oct 25, 2016 at 1:44 PM, Ard Biesheuvel >> <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote: >>> >>> Hi Josh, >>> >>> On 25 October 2016 at 18:42, Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >>> wrote: >>>> >>>> Add the definitions for shim and image security database, both of which >>>> are used widely in various Linux distros. >>>> >>>> Signed-off-by: Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >>>> --- >>>> include/linux/efi.h | 3 +++ >>>> 1 file changed, 3 insertions(+) >>>> >>>> diff --git a/include/linux/efi.h b/include/linux/efi.h >>>> index 2d089487d2da..ce943d5accfd 100644 >>>> --- a/include/linux/efi.h >>>> +++ b/include/linux/efi.h 
>>>> @@ -592,6 +592,9 @@ void efi_native_runtime_setup(void); >>>> #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, >>>> 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) >>>> #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, >>>> 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) >>>> >>>> +#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, >>>> 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) >>>> +#define EFI_SHIM_LOCK_GUID >>>> EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, >>>> 0x8b, 0x23) >>>> + >>> >>> >>> Given that this patch is not part of the series, could you explain >>> what the point is of having these definitions in the kernel if they >>> are never referenced? >> >> >> Sure. >> >> The idea is to make sure a commonly used definition is both accessible >> and reserved in the kernel. > > > It is not in a uapi directory, so it cannot be used outside of the kernel. Fair point. Would there be value in creating an efi.h in uapi so that it can serve as the canonical source? josh ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] efi: Add SHIM and image security database GUID definitions [not found] ` <CA+5PVA4-BnZWv2rktX+LrQT-N6jd8bT-FKgvxi8E4xDhNsruRg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> @ 2016-10-25 19:59 ` David Daney [not found] ` <580FB996.9000302-M3mlKVOIwJVv6pq1l3V1OdBPR1lH4CV8@public.gmane.org> 0 siblings, 1 reply; 8+ messages in thread From: David Daney @ 2016-10-25 19:59 UTC (permalink / raw) To: Josh Boyer; +Cc: Ard Biesheuvel, Matt Fleming, linux-efi-u79uwXL29TY76Z2rM5mHXA On 10/25/2016 11:25 AM, Josh Boyer wrote: > On Tue, Oct 25, 2016 at 2:15 PM, David Daney <ddaney-M3mlKVOIwJVv6pq1l3V1OdBPR1lH4CV8@public.gmane.org> wrote: >> On 10/25/2016 11:04 AM, Josh Boyer wrote: >>> >>> On Tue, Oct 25, 2016 at 1:44 PM, Ard Biesheuvel >>> <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote: >>>> >>>> Hi Josh, >>>> >>>> On 25 October 2016 at 18:42, Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >>>> wrote: >>>>> >>>>> Add the definitions for shim and image security database, both of which >>>>> are used widely in various Linux distros. >>>>> >>>>> Signed-off-by: Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >>>>> --- >>>>> include/linux/efi.h | 3 +++ >>>>> 1 file changed, 3 insertions(+) >>>>> >>>>> diff --git a/include/linux/efi.h b/include/linux/efi.h >>>>> index 2d089487d2da..ce943d5accfd 100644 >>>>> --- a/include/linux/efi.h >>>>> +++ b/include/linux/efi.h 
>>>>> @@ -592,6 +592,9 @@ void efi_native_runtime_setup(void); >>>>> #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, >>>>> 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) >>>>> #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, >>>>> 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) >>>>> >>>>> +#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, >>>>> 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) >>>>> +#define EFI_SHIM_LOCK_GUID >>>>> EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, >>>>> 0x8b, 0x23) >>>>> + >>>> >>>> >>>> Given that this patch is not part of the series, could you explain >>>> what the point is of having these definitions in the kernel if they >>>> are never referenced? >>> >>> >>> Sure. >>> >>> The idea is to make sure a commonly used definition is both accessible >>> and reserved in the kernel. >> >> >> It is not in a uapi directory, so it cannot be used outside of the kernel. > > Fair point. Would there be value in creating an efi.h in uapi so that > it can serve as the canonical source? I doubt it. The kernel source tree is not meant to serve as an authoritative registry for assigned numbers used by external projects. > > josh > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] efi: Add SHIM and image security database GUID definitions [not found] ` <580FB996.9000302-M3mlKVOIwJVv6pq1l3V1OdBPR1lH4CV8@public.gmane.org> @ 2016-10-26 8:01 ` Ard Biesheuvel 0 siblings, 0 replies; 8+ messages in thread From: Ard Biesheuvel @ 2016-10-26 8:01 UTC (permalink / raw) To: David Daney; +Cc: Josh Boyer, Matt Fleming, linux-efi-u79uwXL29TY76Z2rM5mHXA On 25 October 2016 at 20:59, David Daney <ddaney-M3mlKVOIwJVv6pq1l3V1OdBPR1lH4CV8@public.gmane.org> wrote: > On 10/25/2016 11:25 AM, Josh Boyer wrote: >> >> On Tue, Oct 25, 2016 at 2:15 PM, David Daney <ddaney-M3mlKVOIwJVv6pq1l3V1OdBPR1lH4CV8@public.gmane.org> >> wrote: >>> >>> On 10/25/2016 11:04 AM, Josh Boyer wrote: >>>> >>>> >>>> On Tue, Oct 25, 2016 at 1:44 PM, Ard Biesheuvel >>>> <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote: >>>>> >>>>> >>>>> Hi Josh, >>>>> >>>>> On 25 October 2016 at 18:42, Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >>>>> wrote: >>>>>> >>>>>> >>>>>> Add the definitions for shim and image security database, both of >>>>>> which >>>>>> are used widely in various Linux distros. >>>>>> >>>>>> Signed-off-by: Josh Boyer <jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org> >>>>>> --- >>>>>> include/linux/efi.h | 3 +++ >>>>>> 1 file changed, 3 insertions(+) >>>>>> >>>>>> diff --git a/include/linux/efi.h b/include/linux/efi.h >>>>>> index 2d089487d2da..ce943d5accfd 100644 >>>>>> --- a/include/linux/efi.h >>>>>> +++ b/include/linux/efi.h 
>>>>>> @@ -592,6 +592,9 @@ void efi_native_runtime_setup(void); >>>>>> #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, >>>>>> 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) >>>>>> #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, >>>>>> 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) >>>>>> >>>>>> +#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, >>>>>> 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) >>>>>> +#define EFI_SHIM_LOCK_GUID >>>>>> EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, >>>>>> 0xdd, >>>>>> 0x8b, 0x23) >>>>>> + >>>>> >>>>> >>>>> >>>>> Given that this patch is not part of the series, could you explain >>>>> what the point is of having these definitions in the kernel if they >>>>> are never referenced? >>>> >>>> >>>> >>>> Sure. >>>> >>>> The idea is to make sure a commonly used definition is both accessible >>>> and reserved in the kernel. >>> >>> >>> >>> It is not in a uapi directory, so it cannot be used outside of the >>> kernel. >> >> >> Fair point. Would there be value in creating an efi.h in uapi so that >> it can serve as the canonical source? > > > I doubt it. The kernel source tree is not meant to serve as an > authoritative registry for assigned numbers used by external projects. > I have to say I tend to agree here. These GUIDs are contracts between GRUB, shim and MokManager (IIUC), and apparently, these contracts are not codified anywhere in a canonical header file that is shared between these projects. That itself seems like a problem, given that those projects needs to agree on the *meaning* of these GUIDs as well. ^ permalink raw reply [flat|nested] 8+ messages in thread
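The thread ends on the point that each project carries its own copy of these GUIDs with no shared header. The following is an added example, not code from the thread or from the kernel tree: it shows how the EFI_GUID() arguments in the patch map to the 16-byte layout and to the text form, so a re-typed copy can be checked against a variable name. The macro body is written here to mirror the kernel's byte packing; `guid_parse`, `classify_efivar` and the sample file names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t b[16]; } guid_t;

/* Same byte packing as the kernel's EFI_GUID(): first three fields little-endian. */
#define EFI_GUID(a, b, c, d0, d1, d2, d3, d4, d5, d6, d7) ((guid_t){{ \
	(a) & 0xff, ((a) >> 8) & 0xff, ((a) >> 16) & 0xff, ((a) >> 24) & 0xff, \
	(b) & 0xff, ((b) >> 8) & 0xff, (c) & 0xff, ((c) >> 8) & 0xff, \
	(d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) }})

/* The two definitions from the patch, copied field for field. */
#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)

/* Per byte of the 8-4-4-4-12 text form: offset of its first hex digit in
 * the string, and the index it occupies in the 16-byte array. */
static const int text_pos[16] = {0,2,4,6, 9,11, 14,16, 19,21, 24,26,28,30,32,34};
static const int text_idx[16] = {3,2,1,0, 5,4, 7,6, 8,9, 10,11,12,13,14,15};

static int hexval(char c)
{
	return (c >= '0' && c <= '9') ? c - '0' :
	       (c >= 'a' && c <= 'f') ? c - 'a' + 10 :
	       (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Strictly parse "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; returns 0 on success. */
int guid_parse(const char *s, guid_t *out)
{
	if (strlen(s) != 36 || s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-')
		return -1;
	for (int n = 0; n < 16; n++) {
		int hi = hexval(s[text_pos[n]]), lo = hexval(s[text_pos[n] + 1]);
		if (hi < 0 || lo < 0)
			return -1;
		out->b[text_idx[n]] = (uint8_t)(hi << 4 | lo);
	}
	return 0;
}

/* efivarfs file names have the form "<Name>-<GUID>"; classify by the GUID. */
const char *classify_efivar(const char *f)
{
	guid_t g, db = EFI_IMAGE_SECURITY_DATABASE_GUID, shim = EFI_SHIM_LOCK_GUID;
	size_t len = strlen(f);
	if (len < 38 || f[len - 37] != '-' || guid_parse(f + len - 36, &g))
		return "invalid";
	if (!memcmp(&g, &db, sizeof(g)))
		return "image-security-database";
	return memcmp(&g, &shim, sizeof(g)) ? "other" : "shim-lock";
}

int main(void)
{
	/* Constructed sample names in efivarfs form, not from a real system. */
	const char *names[] = { "db-d719b2cb-3d3a-4596-a3bc-dad00e67656f",
				"MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23",
				"db-d719b2cb-3d3a-4596-a3bc-dad00e67656" };
	for (int i = 0; i < 3; i++)
		printf("%s: %s\n", names[i], classify_efivar(names[i]));
	return 0;
}
```

Comparing the parsed bytes rather than the strings makes the check independent of hex case and catches a copy that swapped the byte order of the first three fields.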