Date: Thu, 18 Mar 2021 15:04:33 +0800
From: Michael Chang
To: The development of GNU GRUB
Cc: Marco A Benatto, Javier Martinez Canillas, Daniel Kiper, 984488@bugs.debian.org, 985374@bugs.debian.org
Subject: Re: [SECURITY PATCH 001/117] verifiers: Move verifiers API to kernel image
Message-ID: <20210318070433.GA31625@mercury>
References: <20210302180056.zq4bk2w2cuqhbvx3@tomti.i.net-space.pl> <20210302180204.23887-1-daniel.kiper@oracle.com> <20210318012219.GA4938@riva.ucam.org>
In-Reply-To: <20210318012219.GA4938@riva.ucam.org>

On Thu, Mar 18, 2021 at 01:22:19AM +0000, Colin Watson wrote:
> On Tue, Mar 02, 2021 at 07:00:08PM +0100, Daniel Kiper wrote:
[snip]
> I believe the practical threshold is 62 512-byte sectors, i.e. 31744
> bytes.
>
> As you can see, the biggest single change was induced by this patch,
> which moves the verifiers API into the kernel image. Makes sense. Is
> there anything we can do about this?
>
> I'm a little confused why this change had to be made in this way.
> grub_load_modules is called pretty early during kernel initialization,
> and it initializes all embedded modules. Wouldn't it have been
> sufficient to leave verifiers as a module and simply include that module
> in all UEFI-platform images?
>
> If that wouldn't have worked for some reason, then perhaps it would be
> possible to restructure things a bit more so that we could leave the
> verifiers API as a module on i386-pc, e.g. by moving it back to
> grub-core/commands/verifiers.c and having conditional code that either
> registers/unregisters the filter in a module or registers it at kernel
> startup, depending on the platform. It wouldn't be especially pretty,
> but I think we could tolerate that for the sake of fixing this
> regression.

I fully concur with Colin's idea.
It is unfortunate that the short MBR gap is still used, but it is also unnecessary to increase the core image size to support nonexistent efi lockdown on the i386-pc platform. The only consumer of the verifiers on the i386-pc platform is the pgp module, so it is good to keep verifiers as a module as long as autoload can keep the existing configuration working transparently. For that I've also worked out a patch and will post it here for review.

Thanks,
Michael