[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZLa/R9tZ0hB0KOXj@redhat.com>
Date: Tue, 18 Jul 2023 17:35:19 +0100
From: Daniel P. Berrangé <berrange@...hat.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Luca Boccassi <bluca@...ian.org>, Ard Biesheuvel <ardb@...nel.org>,
Emanuele Giuseppe Esposito <eesposit@...hat.com>,
x86@...nel.org, Thomas Gleixner <tglx@...utronix.de>,
lennart@...ttering.net, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Masahiro Yamada <masahiroy@...nel.org>,
Alexander Potapenko <glider@...gle.com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage
On Tue, Jul 18, 2023 at 05:51:56PM +0200, Paolo Bonzini wrote:
> On Tue, Jul 18, 2023 at 4:03 PM Luca Boccassi <bluca@...ian.org> wrote:
> > > So perhaps there could be some kind of protocol that would let a new
> > > kernel tell the bootloader "don't boot an older kernel than me in the
> > > future". It could even be an extension to the SBAT spec itself. I
> > > haven't really thought much about it, tbh. However, I'm quite positive
> > > that a revocation index attached to the kernel image cannot really work
> > > as a concept, not even if it is managed by the distro.
> >
> > You are pretty much describing SBAT there. Except for the detail that
> > it can't be the component that can be compromised that tells you
> > whether it's compromised and you should trust it... A system's SBAT
> > policy is a single entity, managed centrally, and deployed everywhere.
>
> Fine, so can the SBAT spec be extended to have some kind of version
> that is not a single number? If that is provided, Linux could have the
> mechanism to place the kernel version in the .sbat section. But I
> agree with Borislav, Greg and others that a single revocation index
> simply doesn't cut it.
In theory it could already be treated as being a version if you were
to just encode the 3 version number components into an integer.
There's a slight caveat that when parsing sbat shim currently appears
to store the generation number in a uint16, so the size is somewhat
limited. Probably still just enough bits to encode a kernel version,
though changing shim code to uint32 looks easy enough too.
Directly encoding the version number though has implications for
revokation wrt stable branches though. My impression is that the
generation number was intentionally separate from a version number,
so that people could backport particular fixes to a stable branch
and then declare it to be the same "generation" as the latest
devel branch, or other stable branches which also included the
equiv fixes.
Obviously that presumes that an old branch can be made secure by
selectively backporting patches. That is a view which is obviously
not universally accepted, especially in upstream context, as clearly
expressed in several mails in this thread. It is what distros would
typically claim to achieve though. I'm not sure it is possible to
satisfy both those differing views.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Powered by blists - more mailing lists