Re: [PATCH] docs: UEFI Secure Boot security policy



On Fri, Jun 13, 2025 at 08:35:26AM +0200, Jan Beulich wrote:
> On 12.06.2025 23:32, Stefano Stabellini wrote:
> > On Thu, 12 Jun 2025, Andrew Cooper wrote:
> >> +Support in Xen
> >> +--------------
> >> +
> >> +There are multiple ways to achieve this security goal, with differing
> >> +tradeoffs for the eventual system.
> >> +
> >> +On one end of the spectrum is the Unified Kernel Image.  e.g. Xen is 
> >> bundled
> >> +with the dom0 kernel and init-ramdisk, with an embedded command line, and 
> >> with
> >> +livepatching and kexec compiled out, and suitably signed.  The signature 
> >> is
> >> +checked by the bootloader and, as this covers all the privileged code, Xen
> >> +doesn't need to perform further checks itself.
> >> +
> >> +On the other end of the spectrum is maintaining the features of existing
> >> +deployments.  e.g. Xen needs signature checking capabilities for the dom0
> >> +kernel, livepatches and kexec kernels, and needs to allow the use of safe
> >> +command line options while disallowing unsafe ones.
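Review bot: the two paragraphs leave it unstated which boot-time inputs each model covers. The UKI paragraph says Xen "doesn't need to perform further checks itself", which holds only if every privileged input (kernel, initrd, command line, and any further blobs) is inside the signed bundle, while the second paragraph names only the dom0 kernel, livepatches and kexec kernels as needing Xen-side signature checks; the thread itself raises initrd, microcode and XSM policy blobs as inputs that still need a signing story. Suggest listing the covered inputs explicitly in both paragraphs, e.g. "...and any initrd, microcode or XSM policy modules it loads."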
> > 
> > I just wanted to mention that there is one more option which I used in
> > the past: the firmware/bootloader loads Xen, the Dom0 kernel, and other
> > binaries, checks their signatures, then boots Xen.
> > 
> > This is similar to the "Unified Kernel Image" approach in the sense that
> > Xen doesn't need to do any signature checking for the dom0 kernel, but
> > it doesn't require all the binaries to be glued together.
> > 
> > Assuming that the firmware/bootloader is capable of loading multiple
> > binaries and checking the signature of multiple binaries before booting
> > the next element, it works fine.
> 
> How would an initrd, a ucode blob, or an XSM policy blob be signed?

At least grub supports gpg detached signatures, and can be configured to
require them.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
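Marek's point about GRUB's detached signatures, worked through as an added example that is not part of the thread or of the Xen patch: it signs the boot components the thread asks about (hypervisor, dom0 kernel, initrd, XSM policy blob, with microcode picked up by Xen's ucode=scan from the initrd) and emits a grub.cfg fragment that enforces those signatures. The /boot layout, key id and device names are assumed placeholders.

```sh
#!/bin/sh
# Added example (not from the thread): detached GPG signatures for the Xen
# boot artifacts plus a grub.cfg fragment enforcing them.  Placeholders only.
set -eu

# Files GRUB reads through its verifier when booting Xen via multiboot2
# (microcode lives in the initrd and is found by Xen's ucode=scan).
BOOT_FILES="xen.gz vmlinuz initrd.img xsm_policy"

# Binary detached signature <file>.sig beside each file, where GRUB looks for
# it.  GRUB verifies RSA/DSA keys only, so KEYID (placeholder) must be one.
sign_boot_files() {
    dir=$1; keyid=$2
    for f in $BOOT_FILES; do
        gpg --batch --yes --default-key "$keyid" --detach-sign \
            --output "$dir/$f.sig" "$dir/$f"
    done
}

# Fail if any artifact lacks its companion signature: GRUB in enforce mode
# would refuse that file at boot, so catch it while the system is still up.
check_signed() {
    missing=0
    for f in $BOOT_FILES; do
        [ -f "$1/$f.sig" ] || { echo "unsigned: $f" >&2; missing=$((missing + 1)); }
    done
    return "$missing"
}

# grub.cfg fragment: load the exported public key (gpg --export KEYID >
# boot.key), switch the verifier to enforce mode so every file read from here
# on needs a valid .sig (that includes grub.cfg itself and anything it
# sources), then boot Xen with each component as its own signed module.
gen_grub_cfg() {
    cat <<'EOF'
trust (hd0,gpt1)/boot.key
set check_signatures=enforce
export check_signatures
menuentry 'Xen (detached signatures enforced)' {
    multiboot2 /xen.gz ucode=scan
    module2 /vmlinuz root=/dev/mapper/root ro
    module2 /initrd.img
    module2 --nounzip /xsm_policy
}
EOF
}

# Usage: sh sign-xen-boot.sh /boot KEYID   (sign, check, print fragment)
if [ $# -eq 2 ]; then
    sign_boot_files "$1" "$2" && check_signed "$1" && gen_grub_cfg
fi
```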
