Re: [RFCv2 0/9] UEFI emulator for kexec

["Jarkko Sakkinen" <jarkko@kernel.org>]

On Sat Sep 7, 2024 at 2:31 PM EEST, Jarkko Sakkinen wrote:
> On Sat Sep 7, 2024 at 2:27 PM EEST, Jarkko Sakkinen wrote:
> > On Fri Sep 6, 2024 at 1:54 PM EEST, Philipp Rudo wrote:
> > > Let me throw an other wild idea in the ring. Instead of implementing
> > > a EFI runtime we could also include a eBPF version of the stub into the
> > > images. kexec could then extract the eBPF program and let it run just
> > > like any other eBPF program with all the pros (and cons) that come with
> > > it. That won't be as generic as the EFI runtime, e.g. you couldn't
> > > simply kexec any OS installer. On the other hand it would make it
> > > easier to port UKIs et al. to non-EFI systems. What do you think?
> >
> > BPF would have some guarantees that are favorable such as programs
> > always end, even faulty ones. It always has implicit "ExitBootServices".
> >
> > Just a remark.
>
> Some days ago I was thinking could some of the kernel functionality be
> eBPF at least like in formal theory because most of it is amortized,
> i.e. does a fixed chunk of work. Not going into that rabbit hole but
> I really like this idea and could be good experimentation ground for
> such innovation.

E.g. let's imagine there would imaginary eBPF-TPM driver framework.

How I would go doing that would be to take the existing TPM driver
functionality and provide extra functions and resources available for
subsystem specific BPF environment, and have the orhestration code as
eBPF. I pretty much concluded that there is a chance that such could
work out.

Not something in my immediate table but it is still really interesting
idea, as instead of using language to separate "safe" and unsafe"
regions you would use "VM" environments to create the walls. In the
end of the day that would also great venture for Rust in kernel, i.e.
compile that BPF from Rust.

Sorry going of the hook the comment triggered me ;-)

BR, Jarkko