Subject: Xen Secure Boot and Lockdown WG Meeting Summary - Mon, March 29, 2021
From: Bob Eshleman
Date: 2021-03-31 22:28 UTC
  To: Xen-devel
  Cc: Andrew Cooper, Christopher Clark, Daniel P. Smith, Jan Beulich,
	Marek Marczykowski-Górecki, Michał Żygowski,
	Olivier Lambert, Piotr Król, Rich Persaud,
	Roger Pau Monné,
	Roman Shaposhnik, Trammell Hudson

# Xen Secure Boot and Lockdown

This document summarizes the Xen Secure Boot and Lockdown WG meeting that
occurred on Mon, March 29, 2021.

We identified a list of requirements for locking down a Xen system that
(at least) requires the following:

## Verified Boot Chain

Various projects are underway already to support a verified boot chain that
includes Xen and dom0.

    1. via the EFI loader
        1. Xen already supports verification of itself, the dom0 kernel, and the
           dom0 initrd, via a PE32+ bundle and the EFI loader.
    2. Trenchboot
    3. Add PE/COFF header to mb2 Xen (patches on ML, needs revision), allowing
       shim + grub2.

## Linux Lockdown in Dom0

    1. Needs further testing, but seems to at least nominally work with QubesOS
        1. QubesOS may be benefiting from outsourcing otherwise locked-down
           functionality to stubdoms
    2. Integrity checking for initrd
        1. Not an issue for bundled xen.efi

## Xen Lockdown in Dom0

    1. Live patching
    2. Kexec
        1. Will dom0 kexec need extending?  Probably just "plumbing" to work for
           Xen.
    3. /priv/cmd
        1. Violations of SB include:
            1. set_trap_table
            2. mmu_update
            3. ... more ... (TODO: add to this list)
    4. PCI Passthrough
        1. usage of unstable Xen interfaces
        2. PCI BARs mapping in guest
        3. Interrupt routing setup
        4. See other QEMU-related issues below
    5. QEMU
        1. I/O permissions
        2. resets may be an issue
    6. Xen command line
        1. Which parts are safe, and which are unsafe?
        2. Allow safe options from an unmeasured source
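The last item asks which Xen command-line options may be accepted from an unmeasured source. The Python prototype below is an added example, not part of the meeting notes or of Xen's own code, showing one way such a policy can be enforced at the point where the two command lines are combined: options from the measured (trusted) command line always pass, while options from the unmeasured source are accepted only if their base name is on an allowlist and they do not override an option already pinned by the measured line. The allowlist contents (`loglvl`, `guest_loglvl`, `watchdog`, `vga`) are an assumption chosen for illustration, not a recommendation; deciding the real classification is exactly the open question recorded above. The `no-` prefix handling reflects Xen's convention of negating boolean options that way.

```python
"""Prototype of an 'allow safe options from an unmeasured source' policy
for the Xen command line.  Added example; not Xen project code."""

from typing import List, Optional, Tuple

# ASSUMPTION: illustrative allowlist only.  Which options are genuinely safe
# to take from an unmeasured source is the open question in the notes.
SAFE_OPTIONS = frozenset({"loglvl", "guest_loglvl", "watchdog", "vga"})


def parse_cmdline(cmdline: str) -> List[Tuple[str, Optional[str]]]:
    """Split a Xen command line into (name, value) pairs.

    Xen options are whitespace separated and take the form "name" or
    "name=value"; values may contain commas or colons (e.g. dom0_mem=4G,max:4G),
    so only the first '=' in a token separates name from value.
    """
    pairs = []
    for token in cmdline.split():
        name, sep, value = token.partition("=")
        pairs.append((name, value if sep else None))
    return pairs


def option_base_name(name: str) -> str:
    """Xen negates boolean options with a "no-" prefix; classify on the base name."""
    return name[3:] if name.startswith("no-") else name


def merge_cmdline(measured: str, unmeasured: str,
                  safe_options=SAFE_OPTIONS) -> Tuple[str, List[Tuple[str, str]]]:
    """Combine a measured (trusted) command line with unmeasured extras.

    Measured options pass unchanged.  An unmeasured option is kept only if
    its base name is allowlisted and the measured line has not already set
    that option (so an unmeasured source can never override a measured
    value).  Returns the merged command line and a list of (token, reason)
    pairs describing every rejected unmeasured token.
    """
    pinned = {option_base_name(n) for n, _ in parse_cmdline(measured)}
    accepted = measured.split()          # trusted options pass as-is
    rejected: List[Tuple[str, str]] = []
    for name, value in parse_cmdline(unmeasured):
        token = name if value is None else f"{name}={value}"
        base = option_base_name(name)
        if base not in safe_options:
            rejected.append((token, "not on the safe-option allowlist"))
        elif base in pinned:
            rejected.append((token, "would override a measured option"))
        else:
            accepted.append(token)
    return " ".join(accepted), rejected


if __name__ == "__main__":
    # Constructed sample input: a measured baseline plus a mix of harmless,
    # disallowed and overriding tokens from an unmeasured source.
    measured_line = "dom0_mem=4G,max:4G iommu=on xpti=on"
    unmeasured_line = "loglvl=all no-watchdog iommu=off xpti=no-dom0 sched=credit2"
    final, dropped = merge_cmdline(measured_line, unmeasured_line)
    print("final cmdline:", final)
    for tok, why in dropped:
        print(f"rejected {tok!r}: {why}")
```

Where the two sources are actually combined depends on the boot path (xen.efi configuration, GRUB, or a TrenchBoot-style launch); the point of the prototype is that the decision rule is small enough to audit and the rejections are reported rather than silently dropped.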
The living version of this document, to be used to coordinate future work, is
found here:
   https://cryptpad.fr/pad/#/2/pad/edit/IrfCfGH3l1Z2oUGlbBS2kiz6/

Please feel free to add to / edit the above document!

The raw meeting notes can be found here:
   https://cryptpad.fr/pad/#/2/pad/edit/YHfyA-IbuEa3SLe-hsKVEjRC/

-- 
Bobby Eshleman
SE at Vates SAS
