Re: [PATCH v2 0/2] x86/kexec: UKI Support

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Philipp Rudo <prudo@redhat.com>
To: Jan Hendrik Farr <kernel@jfarr.cc>
Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org,
	x86@kernel.org, tglx@linutronix.de, dhowells@redhat.com,
	vgoyal@redhat.com, keyrings@vger.kernel.org,
	akpm@linux-foundation.org, bhe@redhat.com, bhelgaas@google.com,
	bluca@debian.org, lennart@poettering.net
Subject: Re: [PATCH v2 0/2] x86/kexec: UKI Support
Date: Wed, 13 Sep 2023 16:00:45 +0200	[thread overview]
Message-ID: <20230913160045.40d377f9@rotkaeppchen> (raw)
In-Reply-To: <20230911052535.335770-1-kernel@jfarr.cc>

Hi Jan,

All in all the code looks fine to me. Nevertheless I don't think UKI support
should be added at the moment. This is because IMHO you basically reinterpret
the kexec_file systemcall and thus add a new uapi to the kernel. Once
introduced it is extremely hard to remove or change an uapi again. The problem
I see is that the spec you based your work on is in such a poor shape that I
don't feel comfortable to add any new uapi based on it.

For example there are two definitions for the UKI which contradict each other.
The dedicated one [1] you have cited earlier and the one in the BLS for type #2
entries [2]. In [1] the .linux and .initrd sections are mandatory and the
.osrel and .cmdline sections are optional while in [2] it is the other way
round. Which definition should the kernel follow?

Furthermore, I absolutely don't understand how the spec should be read. All
the spec does is defining some file formats. There is no word about which
component in the boot chain is supposed to handle them and what exactly this
component is supposed to do with it. But that is crucial if we want to add UKI
support for kexec as the kexec systemcall will replace the stub. So we need to
know what tasks the stub is supposed to perform. Currently this is only some
implementation detail of the systemd-stub [3] that can change any moment and I
strongly oppose to base any uapi on it.

In the end the only benefit this series brings is to extend the signature
checking on the whole UKI except of just the kernel image. Everything else can
also be done in user space. Compared to the problems described above this is a
very small gain for me.

Until the spec got fixed I don't see a chance to add UKI support for kexec.

Thanks
Philipp

[1] https://uapi-group.org/specifications/specs/unified_kernel_image/
[2] https://uapi-group.org/specifications/specs/boot_loader_specification/#type-2-efi-unified-kernel-images
[3] https://www.freedesktop.org/software/systemd/man/systemd-stub.html

On Mon, 11 Sep 2023 07:25:33 +0200
Jan Hendrik Farr <kernel@jfarr.cc> wrote:

> Hello,
> 
> this patch (v2) implements UKI support for kexec_file_load. It will require
> support in the kexec-tools userspace utility. For testing purposes the
> following can be used: https://github.com/Cydox/kexec-test/
> 
> Creating UKIs for testing can be done with ukify (included in systemd),
> sbctl, and mkinitcpio, etc.
> 
> There has been discussion on this topic in an issue on GitHub that is linked
> below for reference.
> 
> Changes for v2:
> - .cmdline section is now optional
> - moving pefile_parse_binary is now in a separate commit for clarity
> - parse_pefile.c is now in /lib instead of arch/x86/kernel (not sure if
>   this is the best location, but it definetly shouldn't have been in an
>   architecture specific location)
> - parse_pefile.h is now in include/kernel instead of architecture
>   specific location
> - if initrd or cmdline is manually supplied EPERM is returned instead of
>   being silently ignored
> - formatting tweaks
> 
> 
> Some links:
> - Related discussion: https://github.com/systemd/systemd/issues/28538
> - Documentation of UKIs: https://uapi-group.org/specifications/specs/unified_kernel_image/
> 
> Jan Hendrik Farr (2):
>   move pefile_parse_binary to its own file
>   x86/kexec: UKI support
> 
>  arch/x86/include/asm/kexec-uki.h       |   7 ++
>  arch/x86/kernel/Makefile               |   1 +
>  arch/x86/kernel/kexec-uki.c            | 126 +++++++++++++++++++++++++
>  arch/x86/kernel/machine_kexec_64.c     |   2 +
>  crypto/asymmetric_keys/mscode_parser.c |   2 +-
>  crypto/asymmetric_keys/verify_pefile.c | 110 +++------------------
>  crypto/asymmetric_keys/verify_pefile.h |  16 ----
>  include/linux/parse_pefile.h           |  32 +++++++
>  lib/Makefile                           |   3 +
>  lib/parse_pefile.c                     | 109 +++++++++++++++++++++
>  10 files changed, 292 insertions(+), 116 deletions(-)
>  create mode 100644 arch/x86/include/asm/kexec-uki.h
>  create mode 100644 arch/x86/kernel/kexec-uki.c
>  create mode 100644 include/linux/parse_pefile.h
>  create mode 100644 lib/parse_pefile.c
>

next prev parent reply	other threads:[~2023-09-13 14:02 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-11  5:25 [PATCH v2 0/2] x86/kexec: UKI Support Jan Hendrik Farr
2023-09-11  5:25 ` [PATCH v2 1/2] move pefile_parse_binary to its own file Jan Hendrik Farr
2023-09-11  5:25 ` [PATCH v2 2/2] x86/kexec: UKI support Jan Hendrik Farr
2023-09-12  1:03 ` [PATCH v2 0/2] x86/kexec: UKI Support Baoquan He
2023-09-12 19:25   ` Jan Hendrik Farr
2023-09-13 14:00 ` Philipp Rudo [this message]
2023-09-13 14:42   ` Jan Hendrik Farr
2023-09-14 19:09     ` Philipp Rudo
2023-09-20  7:43     ` Dave Young
2023-09-20  8:40       ` Dave Young
2023-09-20 10:50         ` Ard Biesheuvel
2023-09-20 12:07           ` Dave Young
2023-09-20 12:18             ` Dave Young
2023-09-21  3:14               ` Dave Young
2023-09-20 22:02           ` Jan Hendrik Farr
2023-09-25 14:36             ` Philipp Rudo
2023-09-14  9:32   ` Lennart Poettering
2023-09-14 12:26     ` Jarkko Sakkinen
2023-09-14 15:33       ` Jarkko Sakkinen
2023-09-14 16:11         ` Jan Hendrik Farr
2023-09-14 21:14           ` Jarkko Sakkinen
2023-09-14 18:51     ` Philipp Rudo
2023-09-14 21:04       ` Jan Hendrik Farr
2023-09-18 15:36         ` Philipp Rudo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230913160045.40d377f9@rotkaeppchen \
    --to=prudo@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=bhe@redhat.com \
    --cc=bhelgaas@google.com \
    --cc=bluca@debian.org \
    --cc=dhowells@redhat.com \
    --cc=kernel@jfarr.cc \
    --cc=kexec@lists.infradead.org \
    --cc=keyrings@vger.kernel.org \
    --cc=lennart@poettering.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tglx@linutronix.de \
    --cc=vgoyal@redhat.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox