From: Brendan Trotter <btrotter@gmail.com>
To: "Daniel P. Smith" <dpsmith@apertussolutions.com>
Cc: The development of GNU GRUB <grub-devel@gnu.org>,
	Ard Biesheuvel <ardb@kernel.org>,
	Matthew Garrett <mjg59@srcf.ucam.org>,
	Daniel Kiper <daniel.kiper@oracle.com>,
	Alec Brown <alec.r.brown@oracle.com>,
	Kanth Ghatraju <kanth.ghatraju@oracle.com>,
	Ross Philipson <ross.philipson@oracle.com>,
	"piotr.krol@3mdeb.com" <piotr.krol@3mdeb.com>,
	"krystian.hebel@3mdeb.com" <krystian.hebel@3mdeb.com>,
	"persaur@gmail.com" <persaur@gmail.com>,
	"Yoder, Stuart" <stuart.yoder@arm.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	"michal.zygowski@3mdeb.com" <michal.zygowski@3mdeb.com>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	"lukasz@hawrylko.pl" <lukasz@hawrylko.pl>,
	linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
	James Morris <jmorris@namei.org>
Subject: Re: Linux DRTM on UEFI platforms
Date: Fri, 8 Jul 2022 13:06:19 +0930
Message-ID: <CAELHeEcEN=4YrPJROvzHoOiqqe5Bk0f8pDCZDnQ6aS=2LdwNow@mail.gmail.com>
In-Reply-To: <b1e7b545-8e66-5dc0-ff5a-9f69d1751a5f@apertussolutions.com>

Hi,

On Thu, Jul 7, 2022 at 7:18 PM Daniel P. Smith
<dpsmith@apertussolutions.com> wrote:
> On 7/5/22 20:03, Brendan Trotter wrote:
> Greetings!
>
> Not sure why I got dropped from distro, but no worries.
>
> > On Wed, Jul 6, 2022 at 4:52 AM Daniel P. Smith
> > <dpsmith@apertussolutions.com> wrote:
> >> On 6/10/22 12:40, Ard Biesheuvel wrote:> On Thu, 19 May 2022 at 22:59,
> >> To help provide clarity, consider the following flows for comparison,
> >>
> >> Normal/existing efi-stub:
> >>    EFI -> efi-stub -> head_64.S
> >>
> >> Proposed secure launch:
> >>    EFI -> efi-stub -> dl-handler -> [cpu] -> sl_stub -> head_64.S
> >
> > For more clarity; the entire point is to ensure that the kernel only
> > has to trust itself and the CPU/TPM hardware (and does not have to
> > trust a potentially malicious boot loader). Any attempt to avoid a
> > one-off solution for Linux is an attempt to weaken security.
>
> Please elaborate so I might understand how this entrypoint allows for
> the kernel to only trust itself and the CPU/TPM.

Is this a serious request?

Kernel is started (via firmware using the kernel's efi-stub, or via
"kexec()", or..); and regardless of how the kernel was started the
kernel establishes its own dynamic root of trust (e.g. AMD's SKINIT or
Intel's TXT, followed by measuring the remainder of itself and
anything passed from firmware like ACPI tables) without relying on a
call-back provided by "untrusted by kernel" third-parties that don't
exist in most cases. The dynamic root of trust that kernel creates
depends on the kernel, CPU, TPM, etc (and excludes untrusted and
unnecessary third parties).

The only potential benefit that the callback solution provides is that
it, in theory, could reduce duplication of work for other operating
systems (FreeBSD, Solaris, Haiku, Fuchsia, .. could use the same
callback instead of doing it themselves); but previous discussions
(talk of formalising the contract between the boot stub and the Linux
kernel) suggest that you aren't interested in any other OS.

This leaves me wondering what your true motivation is. Are you trying
to benefit GRUB/Trenchboot (at the expense of security, end-user
convenience, distro installer hassle, etc); or trying to manufacture
scope for future man-in-the-middle attacks (by promoting a solution
that requires something between firmware and kernel)?

- Brendan
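
Added illustration (not part of the original email, and not code from Linux, GRUB or TrenchBoot): a simplified model of the measurement property under discussion, where a dynamic launch resets the DRTM PCR so that only what is measured after the launch is folded into it. The component names and byte strings are constructed stand-ins, and the SKINIT/TXT hardware steps are reduced to a PCR reset as a modelling assumption.

```python
import hashlib

ZERO = b"\x00" * 32  # SHA-256 bank PCR value after a reset


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend operation: new = SHA256(old || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_chain(start: bytes, components) -> bytes:
    """Fold an ordered list of measured blobs into one PCR value."""
    pcr = start
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def boot(pre_launch, post_launch):
    """Return (static PCR, DRTM PCR) for one modelled boot.

    Model assumption: the static PCR accumulates everything that ran
    before the dynamic launch; the launch resets the DRTM PCR, so only
    post-launch measurements contribute to it.
    """
    static_pcr = measure_chain(ZERO, pre_launch)
    drtm_pcr = measure_chain(ZERO, post_launch)
    return static_pcr, drtm_pcr


# Constructed sample blobs standing in for real images and tables.
KERNEL = b"kernel-image"
ACPI = b"acpi-tables-from-firmware"
EFI_STUB_PATH = [b"firmware", b"efi-stub"]
LOADER_PATH = [b"firmware", b"boot-loader", b"efi-stub"]


def demo():
    s1, d1 = boot(EFI_STUB_PATH, [KERNEL, ACPI])
    s2, d2 = boot(LOADER_PATH, [KERNEL, ACPI])
    _, d3 = boot(LOADER_PATH, [KERNEL, b"acpi-tables-modified"])
    return {
        "static_differs_by_path": s1 != s2,      # pre-launch path is visible here
        "drtm_same_across_paths": d1 == d2,      # but not in the DRTM PCR
        "drtm_detects_changed_acpi": d1 != d3,   # post-launch inputs are covered
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```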

Thread overview: 32+ messages
2022-03-29 17:40 Linux DRTM on UEFI platforms Matthew Garrett
2022-03-30  7:02 ` Ard Biesheuvel
2022-03-30  7:11   ` Matthew Garrett
2022-03-30  7:12     ` Ard Biesheuvel
2022-03-30  7:18       ` Matthew Garrett
2022-03-30  7:23         ` Ard Biesheuvel
2022-03-30  7:27           ` Matthew Garrett
2022-03-30  7:39             ` Ard Biesheuvel
2022-03-30 12:46               ` James Bottomley
2022-03-31  0:35   ` Daniel P. Smith
2022-03-31  7:13     ` Ard Biesheuvel
2022-03-31 10:59       ` Heinrich Schuchardt
2022-05-19 20:57       ` Daniel P. Smith
2022-05-19 20:57 ` Daniel P. Smith
2022-06-10 16:40   ` Ard Biesheuvel
2022-07-05 18:35     ` Daniel P. Smith
2022-07-06  0:03       ` Brendan Trotter
2022-07-06  0:12         ` Matthew Garrett
2022-07-07  9:46         ` Daniel P. Smith
2022-07-08  3:36           ` Brendan Trotter [this message]
2022-07-08  4:56             ` Matthew Garrett
2022-07-22 17:23             ` Daniel P. Smith
2022-07-23  5:15               ` Brendan Trotter
2022-08-09 10:53                 ` Daniel P. Smith
2022-08-10  9:07                   ` Brendan Trotter
2022-08-10 17:46                     ` Matthew Garrett
2022-08-11  9:55                       ` Brendan Trotter
2022-08-11 11:34                         ` Daniel Kiper
2022-08-11 18:25                         ` Matthew Garrett
2022-08-12  3:22                           ` Brendan Trotter
2022-08-12  5:54                             ` Matthew Garrett
2022-08-05 12:53       ` Ard Biesheuvel
