
Re: [Xen-devel] Xen.efi and secure boot

On Tue, Nov 27, 2012 at 10:51:06AM +0000, George Dunlap wrote:
>    On Mon, Nov 26, 2012 at 6:16 PM, Andrew Cooper
>    <andrew.cooper3@xxxxxxxxxx> wrote:
>      The idea of secure boot is that only signed/verified code can perform
>      privileged operations.  One can argue as to exactly where this boundary
>      lies, but in the native case, it contains any kernel level code.
>      Userspace uses the kernel API/ABI subject to the permissions checks
>      present and (assuming no security holes), everyone is happy.
>    Different people have different opinions on this.  Fedora are signing all
>    the way down to modules, but not user-space; as a result, IIUC, they are
>    ruling out third-party or out-of-tree drivers.

Fedora/Red Hat are planning to support custom/out-of-tree drivers by allowing
the user to install trusted custom signing keys, so you can sign the kernel
using those keys.

The process was described for example in Matthew Garrett's UEFI presentation at 
LinuxCon 2012 NA after XenSummit 2012.

Some info:

"We're planning on using Suse's approach of permitting local key management at 
the shim level, and I spent some time discussing this with Vojtech last week. 
In combination with the above, this should provide a workable mechanism for 
permitting the end-user to install module signing keys."

-- Pasi
