Re: Xen.efi and secure boot

[Andrew Cooper <andrew.cooper3@citrix.com>]

On 26/11/12 17:57, George Dunlap wrote:
> So while doing a bit of investigation into a request that we have
> instructions for how to sign a Xen binary, I came across a related
> pair of questions.  If we boot from a signed Xen binary, then:
> 1. Will Xen then successfully boot a signed dom0 kernel / initrd?
> 2. Will Xen fail to boot an unsigned dom0 kernel / initrd?
>
> I think if Xen is signed, then ideally we want both 1 and 2 to be
> true, right?  Does UEFI provide a way to check the signature of
> files?  Does it happen automatically, or would we need to add extra
> support?  Or would we need to embed a public key within the Xen binary
> and have Xen check the signatures of files that it reads?
>
>  -George

The problem is deeper than that.

The idea of secure boot is that only signed/verified code can perform
privileged operations.  One can argue as to exactly where this boundary
lies, but in the native case, it contains any kernel level code. 
Userspace uses the kernel API/ABI subject to the permissions checks
present and (assuming no security holes), everyone is happy.

In the Xen case, Xen will happily accept any privileged hypercalls from
dom0.  So you could argue that anything able to make ioctls against
/dev/xen/privcmd (and friends) would need to be within the signed code. 
This is the entire toolstack, and all root processes.

Furthermore, cross-domain systems like xenbus/xenstore would also need
to be signed.  Imagine the carnage a malicious xenstored could cause!

I am struggling to think of a way of getting secure boot working
correctly without signing all of dom0.

-- 
Andrew Cooper - Dom0 Kernel Engineer, Citrix XenServer
T: +44 (0)1223 225 900, http://www.citrix.com