[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] docs: UEFI Secure Boot security policy

To: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Fri, 13 Jun 2025 13:14:01 -0700 (PDT)
Cc: Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Trammell Hudson <hudson@xxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxx>, Frediano Ziglio <frediano.ziglio@xxxxxxxxx>, Gerald Elder-Vass <gerald.elder-vass@xxxxxxxxx>, Kevin Lampis <kevin.lampis@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Delivery-date: Fri, 13 Jun 2025 20:14:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, 13 Jun 2025, Marek Marczykowski-Górecki wrote:
> On Fri, Jun 13, 2025 at 08:35:26AM +0200, Jan Beulich wrote:
> > On 12.06.2025 23:32, Stefano Stabellini wrote:
> > > On Thu, 12 Jun 2025, Andrew Cooper wrote:
> > >> +Support in Xen
> > >> +--------------
> > >> +
> > >> +There are multiple ways to achieve this security goal, with differing
> > >> +tradeoffs for the eventual system.
> > >> +
> > >> +On one end of the spectrum is the Unified Kernel Image.  e.g. Xen is 
> > >> bundled
> > >> +with the dom0 kernel and init-ramdisk, with an embedded command line, 
> > >> and with
> > >> +livepatching and kexec compiled out, and suitably signed.  The 
> > >> signature is
> > >> +checked by the bootloader and, as this covers all the privileged code, 
> > >> Xen
> > >> +doesn't need to perform further checks itself.
> > >> +
> > >> +On the other end of the spectrum is maintaining the features of existing
> > >> +deployments.  e.g. Xen needs signature checking capabilities for the 
> > >> dom0
> > >> +kernel, livepatches and kexec kernels, and needs to allow the use of 
> > >> safe
> > >> +command line options while disallowing unsafe ones.
> > > 
> > > I just wanted to mention that there is one more option which I used in
> > > the past: the firmware/bootloader loads Xen, the Dom0 kernel, and other
> > > binaries, check their signatures, then boot Xen.
> > > 
> > > This is similar to the "Unified Kernel Image" approach in the sense that
> > > Xen doesn't need to do any signature checking for the dom0 kernel, but
> > > it doesn't require all the binaries to be glued together.
> > > 
> > > Assuming that the firmware/bootloader is capable of loading multiple
> > > binaries and checking the signature of multiple binaries before booting
> > > the next element, it works fine.
> > 
> > How would an initrd, a ucode blob, or an XSM policy blob be signed?
> 
> At least grub supports gpg detached signatures, and can be configured to
> require them.

That's right. U-boot supports something similar as well.

References:
- [PATCH] docs: UEFI Secure Boot security policy
  - From: Andrew Cooper
- Re: [PATCH] docs: UEFI Secure Boot security policy
  - From: Stefano Stabellini
- Re: [PATCH] docs: UEFI Secure Boot security policy
  - From: Jan Beulich
- Re: [PATCH] docs: UEFI Secure Boot security policy
  - From: Marek Marczykowski-Górecki

Prev by Date: Re: [PATCH v1 2/2] xen/domain: introduce generic weak function for domain struct allocation
Next by Date: Re: [PATCH 1/3] x86/EFI: Fix detection of buildid
Previous by thread: Re: [PATCH] docs: UEFI Secure Boot security policy
Next by thread: Re: [PATCH] docs: UEFI Secure Boot security policy
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.