From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C315DC54E60 for ; Tue, 19 Mar 2024 12:13:02 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rmYKV-0006gA-7O; Tue, 19 Mar 2024 08:12:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rmYKS-0006fh-RP for grub-devel@gnu.org; Tue, 19 Mar 2024 08:12:28 -0400 Received: from mail-qk1-x72f.google.com ([2607:f8b0:4864:20::72f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rmYKN-0003X0-SE for grub-devel@gnu.org; Tue, 19 Mar 2024 08:12:28 -0400 Received: by mail-qk1-x72f.google.com with SMTP id af79cd13be357-78850c6609bso218123985a.0 for ; Tue, 19 Mar 2024 05:12:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1710850343; x=1711455143; darn=gnu.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=gQt0odOmvw5H6hpmT06UGP+RKK8QTRgUqYE6UvCuvfw=; b=ZXXf2b9KbEK3A4aeiAeHsgqdATb++1uwpCtAq+P/rex6OilORYyNi6/5I7l+zqQcug AkfWEI3mwANxkzHzOwDqTw9EWDQoaa5/gru6zVcaksZNQQCRzddC99eM6hy55KwcLpB9 cRXrleLArjU83o+Liu81Ph8F2omraFkLCW5Ho= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710850343; x=1711455143; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gQt0odOmvw5H6hpmT06UGP+RKK8QTRgUqYE6UvCuvfw=; b=KUhNmHXDgUEB6lrLYwxNtrQmVQ9LQ6nt8+xTXMe76GpZAh2fV9umNiEkNeSzjr4yyb uiyMVZ8dDHYiUzK8hm/Es6nubDBapTKhRzbLfDNbVqjBxoLU+M4klbxs4fEA75cZmlPc k7NR8oIkIZ1nEaGqBWTdyMDKkfHiraCbG+KocuXSsT6FJfoPw2Igb3DHCRuEsQwjIXaB tkF694agLwVd6uS7NBGDfrXA0Kur+xMaOPPLmjfGuYRody0BISAfG7F8hyCtGAYGubkN EBOKk8MK/BzEMA//Ppq4iUH+4FcfJ79CIzgLTyC7uUZ+9BX3BZR8H06rYzJa4GVngiKn jf8Q== X-Forwarded-Encrypted: i=1; AJvYcCXD8iu16GamYtBc86jjt4iAbhyw7y01TrhfyY77mKaHYIVsoHlzj3DKvYFM3/Vlk+wSltT5dHQlqRrYtVd7YQtPUG8= X-Gm-Message-State: AOJu0YwM9SKGSuG7m8uFLujISBVKAtSPgWLWw3xJwqWyHKQPTOxF3Mdl KKv0/RvHDyx9AUsxYQWoeyBVardwTbdoXHrQZ0JmxssciEizqKccGEvWeTsTp8U= X-Google-Smtp-Source: AGHT+IHujs1BIDKf3HnuE/+uXlGopEJkkf1KUyI/0UKnM59OyfByEdnWC59U0Xr2iWMQqy+fEMEi9Q== X-Received: by 2002:a05:620a:2408:b0:788:2b2f:4d74 with SMTP id d8-20020a05620a240800b007882b2f4d74mr20664050qkn.18.1710850342651; Tue, 19 Mar 2024 05:12:22 -0700 (PDT) Received: from localhost ([85.31.135.62]) by smtp.gmail.com with ESMTPSA id c14-20020a37e10e000000b007883a49baeesm5393735qkm.4.2024.03.19.05.12.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Mar 2024 05:12:22 -0700 (PDT) Date: Tue, 19 Mar 2024 13:12:20 +0100 To: Ross Lagerwall Subject: Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type Message-ID: References: <20240313150748.791236-1-ross.lagerwall@citrix.com> <20240313150748.791236-2-ross.lagerwall@citrix.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=2607:f8b0:4864:20::72f; envelope-from=roger.pau@cloud.com; helo=mail-qk1-x72f.google.com X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.422, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: =?utf-8?q?Roger_Pau_Monn=C3=A9_via_Grub-devel?= Reply-To: The development of GNU GRUB Cc: Roger Pau =?utf-8?B?TW9ubsOp?= , Jan Beulich , xen-devel@lists.xenproject.org, Andrew Cooper , Daniel Kiper , grub-devel@gnu.org Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: grub-devel-bounces+grub-devel=archiver.kernel.org@gnu.org Sender: grub-devel-bounces+grub-devel=archiver.kernel.org@gnu.org T24gVGh1LCBNYXIgMTQsIDIwMjQgYXQgMDI6MjQ6MzFQTSArMDAwMCwgUm9zcyBMYWdlcndhbGwg d3JvdGU6Cj4gT24gVGh1LCBNYXIgMTQsIDIwMjQgYXQgMTozN+KAr1BNIEphbiBCZXVsaWNoIDxq YmV1bGljaEBzdXNlLmNvbT4gd3JvdGU6Cj4gPgo+ID4gT24gMTQuMDMuMjAyNCAxMDozMCwgUm9z cyBMYWdlcndhbGwgd3JvdGU6Cj4gPiA+IE9uIFRodSwgTWFyIDE0LCAyMDI0IGF0IDc6MjTigK9B TSBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+IHdyb3RlOgo+ID4gPj4KPiA+ID4+IE9u IDEzLjAzLjIwMjQgMTY6MDcsIFJvc3MgTGFnZXJ3YWxsIHdyb3RlOgo+ID4gPj4+IEluIGFkZGl0 aW9uIHRvIHRoZSBleGlzdGluZyBhZGRyZXNzIGFuZCBFTEYgbG9hZCB0eXBlcywgc3BlY2lmeSBh IG5ldwo+ID4gPj4+IG9wdGlvbmFsIFBFIGJpbmFyeSBsb2FkIHR5cGUuIFRoaXMgbmV3IHR5cGUg aXMgYSB1c2VmdWwgYWRkaXRpb24gc2luY2UKPiA+ID4+PiBQRSBiaW5hcmllcyBjYW4gYmUgc2ln bmVkIGFuZCB2ZXJpZmllZCAoaS5lLiB1c2VkIHdpdGggU2VjdXJlIEJvb3QpLgo+ID4gPj4KPiA+ ID4+IEFuZCB0aGUgY29uc2lkZXJhdGlvbiB0byBoYXZlIEVMRiBzaWduYWJsZSAoYnkgd2hhdGV2 ZXIgZXh0ZW5zaW9uIHRvCj4gPiA+PiB0aGUgRUxGIHNwZWMpIHdlbnQgbm93aGVyZT8KPiA+ID4+ Cj4gPiA+Cj4gPiA+IEknbSBub3Qgc3VyZSBpZiB5b3UncmUgcmVmZXJyaW5nIHRvIHNvbWUgb25n b2luZyB3b3JrIHRvIGNyZWF0ZSBzaWduYWJsZQo+ID4gPiBFTEZzIHRoYXQgSSdtIG5vdCBhd2Fy ZSBvZi4KPiA+Cj4gPiBTb21ldGhpbmcgbXVzdCBoYXZlIGJlZW4gaW52ZW50ZWQgYWxyZWFkeSB0 byBtYWtlIExpbnV4IG1vZHVsZXMgc2lnbmFibGUuCj4gCj4gTGludXggbW9kdWxlIHNpZ25hdHVy ZXMgb3BlcmF0ZSBvdXRzaWRlIG9mIHRoZSBFTEYgY29udGFpbmVyLiBJbiBmYWN0LAo+IEFGQUlL IHRoZSBhY3R1YWwgc2lnbmVkIGNvbnRlbnQgY291bGQgYmUgYW55dGhpbmcuIFRoZSBmaWxlIGZv cm1hdCBpczoKPiAKPiAqIENvbnRlbnQgKGkuZS4gRUxGIGJpbmFyeSkKPiAqIFNpZ25hdHVyZSBv ZiBjb250ZW50IGluIFBLQ1M3IGZvcm1hdAo+ICogU2lnbmF0dXJlIGluZm8sIGluY2x1ZGluZyBz aWduYXR1cmUgbGVuZ3RoCj4gKiBNYWdpYyBtYXJrZXI6ICJ+TW9kdWxlIHNpZ25hdHVyZSBhcHBl bmRlZH5cbiIKPiAKPiBUaGlzIGtpbmQgb2YgYXJyYW5nZW1lbnQgZG9lcyBpbmRlZWQgd29yayBi dXQgaXQgaXMgZnJhZ2lsZS4gU2luY2UgdGhlCj4gc2lnbmF0dXJlIGlzIG9uIHRoZSBlbnRpcmUg Y29udGVudHMgYW5kIHRvb2xzIHRoYXQgdW5kZXJzdGFuZCBFTEYgZG9uJ3QKPiBwYXJzZSB0aGUg c2lnbmF0dXJlLCBhbnkgdHJhbnNmb3JtYXRpb24gb2YgdGhlIGJpbmFyeSAoZS5nLiB0bwo+IHN0 cmlwIG91dCBkZWJ1Z2luZm8pIHdpbGwgY2F1c2UgdGhlIHNpZ25hdHVyZSB0byBiZSBsb3N0IC8g aW52YWxpZGF0ZWQuCj4gCj4gTmV2ZXJ0aGVsZXNzLCB0aGlzIGNvdWxkIHN0aWxsIGJlIGFuIG9w dGlvbiBmb3IgWGVuIGlmIHRoaXMgaXMKPiBkZWVtZWQgdG8gYmUgYSBwcmVmZXJyZWQgc29sdXRp b24gYnkgb3RoZXJzLiBJdCB3b3VsZCBiZSBnb29kIHRvIGhlYXIKPiBzb21lIG9waW5pb25zIG9u IHRoaXMuCgpObywgSU1PIHRoZSBQRSByb3V0ZSBpcyBsaWtlbHkgdGhlIGJlc3Qgb25lLCBhcyB0 aGVyZSdzIGFscmVhZHkgYWxsCnRoZSB0b29saW5nIGFyb3VuZCBpdCwgYW5kIGl0J3Mgd2hhdCBv dGhlciBPU2VzIHVzZSB0byBwZXJmb3JtIHNlY3VyZQpib290LgoKSXQgd291bGQgaGF2ZSBiZWVu IG5pY2UgZm9yIEVMRiB0byBncm93IGFuIGV4dGVuc2lvbiB0byB0aGUgc3BlYyBmb3IKaW1hZ2Ug aW50ZWdyaXR5IGRhdGEsIGJ1dCBJIGRvbid0IHNlZSBteXNlbGYgZG9pbmcgdGhlIHdvcmsgVEJI LgoKVGhhbmtzLCBSb2dlci4KCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fCkdydWItZGV2ZWwgbWFpbGluZyBsaXN0CkdydWItZGV2ZWxAZ251Lm9yZwpodHRw czovL2xpc3RzLmdudS5vcmcvbWFpbG1hbi9saXN0aW5mby9ncnViLWRldmVsCg== From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 85AB8C54E5D for ; Tue, 19 Mar 2024 12:12:54 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.695349.1085008 (Exim 4.92) (envelope-from ) id 1rmYKQ-0003Qs-DC; Tue, 19 Mar 2024 12:12:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 695349.1085008; Tue, 19 Mar 2024 12:12:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rmYKQ-0003Ql-AE; Tue, 19 Mar 2024 12:12:26 +0000 Received: by outflank-mailman (input) for mailman id 695349; Tue, 19 Mar 2024 12:12:25 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rmYKP-0003Qd-2l for xen-devel@lists.xenproject.org; Tue, 19 Mar 2024 12:12:25 +0000 Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [2607:f8b0:4864:20::735]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id f131974e-e5e9-11ee-afdd-a90da7624cb6; Tue, 19 Mar 2024 13:12:23 +0100 (CET) Received: by mail-qk1-x735.google.com with SMTP id af79cd13be357-789db18e169so410433785a.1 for ; Tue, 19 Mar 2024 05:12:23 -0700 (PDT) Received: from localhost ([85.31.135.62]) by smtp.gmail.com with ESMTPSA id c14-20020a37e10e000000b007883a49baeesm5393735qkm.4.2024.03.19.05.12.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Mar 2024 05:12:22 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: f131974e-e5e9-11ee-afdd-a90da7624cb6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1710850343; x=1711455143; darn=lists.xenproject.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=gQt0odOmvw5H6hpmT06UGP+RKK8QTRgUqYE6UvCuvfw=; b=X2xNKT3g8UkGnySnbq2iQ481af/9VyrLEeeJq+W/iXtcUKisjhGvItjOFqWiWbrchE 6mQlyNNsq4z2EkY26t04HiFAXLU5CAcNDlI9I3o9Op4Gln3HVCZahk4Pqu1uv9iUH6DR j4gFhmGwqWbqmtc4evLD0rF9kD9GXTTDZa91M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710850343; x=1711455143; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gQt0odOmvw5H6hpmT06UGP+RKK8QTRgUqYE6UvCuvfw=; b=JIb2bvEmof6fks4SwpCw6xjWApPGW5/m6PKEN/pM82fc4lSDVNGSvolqKVRGBMsf5z uqi6xOeoR7tvDsuxSVtV4WTim68MtvwANXJpHVJ+JD5o+rMJpLFAaH2dwV6sxj48EEWh pvBZIKWfvS2gzlePEjBuMNcgQspajvcSdhrfFrK8XOsnu7o6uFAZffMtUK0UzDu2yHVD DHuIw9RLSPiA3Sz/5eMYNCKbwpDdF4WfewQqqLz3tLhhGP+fFvuoRQFDGaJCvRmHSZU1 eBe0kdeo7zKbguyhiBCYLlvYfIx5dqP9FFlBH5c9FvaXD1ule8YpubtX46wK0Wo+8Qas uVPQ== X-Forwarded-Encrypted: i=1; AJvYcCXs8V3mFb93rqqRPm7wHNCFb70KcvAGiMW2pic4QgqUiF+5opayhEjiIkoIo2LeCt1dMdnKSjTVZNXaTb52UC7b3VXjBHpegCrdgCB+1wk= X-Gm-Message-State: AOJu0YxqK+uOCl6v1ETiE6U1SnPgQilvNl6PxIsWSi6xmBdF9P8kIGaD AdxY5AoW1hPV8kvXBpJ/yXvsLW3EYGJgZQ0ntg6vJyw3ZkjKoN25wloU8EJaRvUIbOoCzkIJisK U X-Google-Smtp-Source: AGHT+IHujs1BIDKf3HnuE/+uXlGopEJkkf1KUyI/0UKnM59OyfByEdnWC59U0Xr2iWMQqy+fEMEi9Q== X-Received: by 2002:a05:620a:2408:b0:788:2b2f:4d74 with SMTP id d8-20020a05620a240800b007882b2f4d74mr20664050qkn.18.1710850342651; Tue, 19 Mar 2024 05:12:22 -0700 (PDT) Date: Tue, 19 Mar 2024 13:12:20 +0100 From: Roger Pau =?utf-8?B?TW9ubsOp?= To: Ross Lagerwall Cc: Jan Beulich , xen-devel@lists.xenproject.org, Andrew Cooper , Daniel Kiper , grub-devel@gnu.org Subject: Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type Message-ID: References: <20240313150748.791236-1-ross.lagerwall@citrix.com> <20240313150748.791236-2-ross.lagerwall@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Thu, Mar 14, 2024 at 02:24:31PM +0000, Ross Lagerwall wrote: > On Thu, Mar 14, 2024 at 1:37 PM Jan Beulich wrote: > > > > On 14.03.2024 10:30, Ross Lagerwall wrote: > > > On Thu, Mar 14, 2024 at 7:24 AM Jan Beulich wrote: > > >> > > >> On 13.03.2024 16:07, Ross Lagerwall wrote: > > >>> In addition to the existing address and ELF load types, specify a new > > >>> optional PE binary load type. This new type is a useful addition since > > >>> PE binaries can be signed and verified (i.e. used with Secure Boot). > > >> > > >> And the consideration to have ELF signable (by whatever extension to > > >> the ELF spec) went nowhere? > > >> > > > > > > I'm not sure if you're referring to some ongoing work to create signable > > > ELFs that I'm not aware of. > > > > Something must have been invented already to make Linux modules signable. > > Linux module signatures operate outside of the ELF container. In fact, > AFAIK the actual signed content could be anything. The file format is: > > * Content (i.e. ELF binary) > * Signature of content in PKCS7 format > * Signature info, including signature length > * Magic marker: "~Module signature appended~\n" > > This kind of arrangement does indeed work but it is fragile. Since the > signature is on the entire contents and tools that understand ELF don't > parse the signature, any transformation of the binary (e.g. to > strip out debuginfo) will cause the signature to be lost / invalidated. > > Nevertheless, this could still be an option for Xen if this is > deemed to be a preferred solution by others. It would be good to hear > some opinions on this. No, IMO the PE route is likely the best one, as there's already all the tooling around it, and it's what other OSes use to perform secure boot. It would have been nice for ELF to grow an extension to the spec for image integrity data, but I don't see myself doing the work TBH. Thanks, Roger.