Subject: Re: [PATCH 0/4] Enabling secure boot on PowerNV systems
To: Matthew Garrett
Cc: linuxppc-dev@ozlabs.org, linux-efi, linux-integrity, Linux Kernel Mailing List, Michael Ellerman, Paul Mackerras, Benjamin Herrenschmidt, Ard Biesheuvel, Jeremy Kerr, Matthew Garret, Nayna Jain
References: <20190402181505.25037-1-cclaudio@linux.ibm.com> <4ce5e057-0702-b0d5-7bb2-cea5b22e2efa@linux.ibm.com>
From: Claudio Carvalho
Date: Tue, 2 Apr 2019 20:31:19 -0300
Message-Id: <2208f156-d441-3082-2f4c-8030c84ef788@linux.ibm.com>
X-Mailing-List: linux-integrity@vger.kernel.org

On 4/2/19 6:51 PM, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 2:11 PM Claudio Carvalho wrote:
>> We want to use the efivarfs for compatibility with existing userspace
>> tools. We will track and match any EFI changes that affect us.
> So you implement the full PK/KEK/db/dbx/dbt infrastructure, and
> updates are signed in the same way?

For the first version, our firmware will implement a simplistic PK, KEK and
db infrastructure (without dbx and dbt) where only the Setup and User modes
will be supported. PK, KEK and db updates will be signed the same way, that
is, using userspace tooling like efitools in PowerNV. As for the
authentication descriptors, only the EFI_VARIABLE_AUTHENTICATION_2
descriptor will be supported.

>> Our use case is restricted to secure boot - this is not going to be a
>> general purpose EFI variable implementation.
> In that case we might be better off with a generic interface for this
> purpose that we can expose on all platforms that implement a secure
> boot key hierarchy. Having an efivarfs that doesn't allow the creation
> of arbitrary attributes may break other existing userland
> expectations.
> For what it's worth, gsmi uses the efivars infrastructure for EFI-like
> variables.

What might a generic interface look like? It would have to work for
existing secure boot solutions - including EFI - which would seem to
imply changes to userspace tools.

Claudio
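The reply above says the firmware will accept PK/KEK/db updates only through the EFI_VARIABLE_AUTHENTICATION_2 descriptor, signed with the usual efitools-style workflow. What that implies on the firmware side is a parser for that descriptor and a reconstruction of the bytes the PKCS#7 signature covers. The following is an added example written for this page; it is not code from the patch series, from the PowerNV firmware, or from efitools. It assumes the descriptor layout from the UEFI specification (EFI_TIME followed by a WIN_CERTIFICATE_UEFI_GUID with CertType EFI_CERT_TYPE_PKCS7_GUID, then the new variable contents), the serialization order for the signed data (VariableName as UCS-2 without terminator, VendorGuid, Attributes, TimeStamp, Data), and a constructed sample buffer whose CertData is a 4-byte placeholder rather than a real PKCS#7 blob. Verifying the PKCS#7 signature against PK or KEK is deliberately left out; the point shown is the length and timestamp validation a verifier must do before trusting any offset in attacker-supplied input.

```c
/* Added example (not from the patch series or firmware): parse and sanity-check an
 * EFI_VARIABLE_AUTHENTICATION_2 descriptor and rebuild the to-be-signed byte string.
 * Layout and constants follow the UEFI spec; SAMPLE below is constructed test data. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x20u
#define WIN_CERT_TYPE_EFI_GUID 0x0EF1u
#define WIN_CERT_REVISION      0x0200u
#define EFI_TIME_SIZE      16u  /* Year(2) Month Day Hour Minute Second Pad1 Nanosecond(4) TimeZone(2) Daylight Pad2 */
#define WIN_CERT_HDR_SIZE   8u  /* dwLength(4) wRevision(2) wCertificateType(2) */
#define AUTH2_MIN_SIZE (EFI_TIME_SIZE + WIN_CERT_HDR_SIZE + 16u)

/* EFI_CERT_TYPE_PKCS7_GUID 4aafd29d-68df-49ee-8aa9-347d375665a7 in on-the-wire byte order */
static const uint8_t PKCS7_GUID[16] = {
    0x9d,0xd2,0xaf,0x4a, 0xdf,0x68, 0xee,0x49, 0x8a,0xa9, 0x34,0x7d,0x37,0x56,0x65,0xa7 };
/* EFI_IMAGE_SECURITY_DATABASE_GUID d719b2cb-3d3a-4596-a3bc-dad00e67656f (vendor GUID of db/dbx) */
static const uint8_t DB_GUID[16] = {
    0xcb,0xb2,0x19,0xd7, 0x3a,0x3d, 0x96,0x45, 0xa3,0xbc, 0xda,0xd0,0x0e,0x67,0x65,0x6f };

struct auth2_view {
    const uint8_t *timestamp;  /* 16-byte EFI_TIME */
    const uint8_t *pkcs7;      /* CertData: DER PKCS#7 SignedData */
    size_t pkcs7_len;
    const uint8_t *payload;    /* new variable contents following the descriptor */
    size_t payload_len;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success, a distinct negative code for each malformed-input case. */
int auth2_parse(const uint8_t *buf, size_t len, uint32_t attrs, struct auth2_view *out)
{
    if (!(attrs & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) return -1;
    if (len < AUTH2_MIN_SIZE) return -2;
    const uint8_t *ts = buf;
    /* Time-based auth requires Pad1, Nanosecond, TimeZone, Daylight and Pad2 to be zero. */
    if (ts[7] != 0 || rd32(ts + 8) != 0 || rd16(ts + 12) != 0 || ts[14] != 0 || ts[15] != 0) return -3;
    const uint8_t *hdr = buf + EFI_TIME_SIZE;
    uint32_t dw_len = rd32(hdr);
    if (rd16(hdr + 4) != WIN_CERT_REVISION) return -4;
    if (rd16(hdr + 6) != WIN_CERT_TYPE_EFI_GUID) return -5;
    /* dwLength spans the WIN_CERTIFICATE header, the CertType GUID and CertData.
     * Bound it by the buffer before using it as an offset. */
    if (dw_len < WIN_CERT_HDR_SIZE + 16u || dw_len > len - EFI_TIME_SIZE) return -6;
    if (memcmp(hdr + WIN_CERT_HDR_SIZE, PKCS7_GUID, 16) != 0) return -7;
    out->timestamp   = ts;
    out->pkcs7       = hdr + WIN_CERT_HDR_SIZE + 16u;
    out->pkcs7_len   = dw_len - WIN_CERT_HDR_SIZE - 16u;
    out->payload     = buf + EFI_TIME_SIZE + dw_len;
    out->payload_len = len - EFI_TIME_SIZE - dw_len;
    return 0;
}

/* Serialize VariableName || VendorGuid || Attributes || TimeStamp || Data, the input to the
 * PKCS#7 signature in CertData. Returns bytes written, or 0 if tbs is too small. */
size_t auth2_tbs(const uint16_t *name, size_t name_chars, const uint8_t guid[16], uint32_t attrs,
                 const struct auth2_view *v, uint8_t *tbs, size_t tbs_cap)
{
    size_t need = name_chars * 2 + 16 + 4 + EFI_TIME_SIZE + v->payload_len;
    if (tbs_cap < need) return 0;
    uint8_t *p = tbs;
    for (size_t i = 0; i < name_chars; i++) { *p++ = (uint8_t)name[i]; *p++ = (uint8_t)(name[i] >> 8); }
    memcpy(p, guid, 16); p += 16;
    for (int i = 0; i < 4; i++) *p++ = (uint8_t)(attrs >> (8 * i));
    memcpy(p, v->timestamp, EFI_TIME_SIZE); p += EFI_TIME_SIZE;
    memcpy(p, v->payload, v->payload_len); p += v->payload_len;
    return (size_t)(p - tbs);
}

/* Constructed sample (not real signed data): EFI_TIME 2019-04-02 23:31:19, dwLength = 8+16+4 = 28,
 * a 4-byte placeholder where the PKCS#7 blob would be, then a 3-byte variable payload. */
const uint8_t SAMPLE[] = {
    0xe3,0x07, 0x04, 0x02, 23, 31, 19, 0,  0,0,0,0, 0,0, 0, 0,
    28,0,0,0, 0x00,0x02, 0xf1,0x0e,
    0x9d,0xd2,0xaf,0x4a, 0xdf,0x68, 0xee,0x49, 0x8a,0xa9, 0x34,0x7d,0x37,0x56,0x65,0xa7,
    0x30,0x82,0x00,0x00,
    0xaa,0xbb,0xcc
};
const size_t SAMPLE_LEN = sizeof SAMPLE;
/* NV | BS | RT | TIME_BASED_AUTHENTICATED_WRITE_ACCESS, as used for db updates */
const uint32_t SAMPLE_ATTRS = 0x27u;

/* Builds the to-be-signed bytes for a "db" update carrying SAMPLE; returns the length or 0. */
size_t sample_tbs(uint8_t *tbs, size_t cap)
{
    struct auth2_view v;
    static const uint16_t name[] = { 'd', 'b' };
    if (auth2_parse(SAMPLE, SAMPLE_LEN, SAMPLE_ATTRS, &v) != 0) return 0;
    return auth2_tbs(name, 2, DB_GUID, SAMPLE_ATTRS, &v, tbs, cap);
}

int main(void)
{
    uint8_t tbs[128];
    size_t n = sample_tbs(tbs, sizeof tbs);
    printf("to-be-signed length: %zu bytes\n", n);
    return n == 0;
}
```

A verifier would hash the returned buffer, check the PKCS#7 SignedData in `pkcs7` against the certificates in PK (for PK and KEK writes) or KEK (for db writes), and only then compare `timestamp` with the stored variable's timestamp to reject replays of an older signed update.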