On 6/11/20 8:13 PM, Laszlo Ersek wrote:
> On 06/11/20 17:05, Ard Biesheuvel wrote:
> ...
>> If we can ensure that the only bootable images that are exempt from the
>> secure boot checks are ones that were provided directly by the host
>> userspace, then I think their position is not unreasonable, given that
>> the guest is at its mercy anyway.
>
> Thanks.
>
> So... reverting this patch would only affect the behavior of the
> QemuLoadKernelImage() API, and that API only consumes fw_cfg. Fw_cfg is
> under the control of the host userspace (QEMU implements the fw_cfg
> "platform hardware"). Does that satisfy your condition ("provided
> directly by the host userspace"), or are you referring to any "farther"
> origin on the host side, from where the fw_cfg content is originally taken?

No, that is fine. I am just slightly unhappy that any code that happily
circumvents the normal secure/measured boot flow entirely is even
present in the image.

> IOW would you involve in this decision the question where on the network
> the kernel image is downloaded from (on the host), for example? (I
> wouldn't -- for me, the fact that fw_cfg is technically controlled by
> QEMU is enough.)

Yes.

> FWIW I've reverted the patch downstream (a deadline forced my hand
> before we could conclude this upstream thread, and the use cases that
> had regressed are considered important), but I really dislike that
> divergence from upstream. I'd like to eliminate that downstream patch
> when we rebase to a subsequent stable tag.

Since we're on list:

Acked-by: Ard Biesheuvel <ard.biesheu...@arm.com>

on a revert of ced77332cab626f35fbdb36630be27303d289d79. Merge it
whenever you see fit.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#61169): https://edk2.groups.io/g/devel/message/61169
Mute This Topic: https://groups.io/mt/71749529/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-