From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.61]) by mx.groups.io with SMTP id smtpd.web12.180.1581716623845995306 for ; Fri, 14 Feb 2020 13:43:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UnpW/7Rc; spf=pass (domain: redhat.com, ip: 205.139.110.61, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1581716623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QT6DxbsPaIdd2cDcMBYwele1Wkg46MVmKXdWDFCNFJ8=; b=UnpW/7RcqH78JFzJlD0LvD9grCmXq1a6oJXi2evOV1G03ZEg4Q2Ir+4ZT6X9jllvGTKhiX G/QuTcN9vZlBX+gDHBKMyMbeK7Y8qVq0CA1+jYh76Nin+DoOErtDtQiAy1OdPaP6YMg1BT qGIsDop/4+kMxby3+7kTjFbeX3gGieg= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-128-klls5icEPG-YinIZx0QV-w-1; Fri, 14 Feb 2020 16:43:38 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1B895107ACC4; Fri, 14 Feb 2020 21:43:37 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-153.ams2.redhat.com [10.36.116.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3FB3D83865; Fri, 14 Feb 2020 21:43:35 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH 1/1] OvmfPkg IA32: add support for loading X64 Linux images To: Ard Biesheuvel , edk2-devel-groups-io Cc: Leif Lindholm , Peter Jones , Matthew Garrett , Alexander Graf , Daniel Kiper , Arvind Sankar References: <20200214114155.22859-1-ard.biesheuvel@arm.com> <8f18a788-91bd-63c7-447a-c28fa3613e6d@redhat.com> From: "Laszlo Ersek" Message-ID: <4715e9d7-ebfa-7ae6-86f9-0f7c3c761416@redhat.com> Date: Fri, 14 Feb 2020 22:43:34 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-MC-Unique: klls5icEPG-YinIZx0QV-w-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 02/14/20 16:05, Ard Biesheuvel wrote: > On Fri, 14 Feb 2020 at 15:45, Laszlo Ersek wrote: >> (5) Can you please explain how EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL >> relates to Secure Boot and/or Trusted Boot? >> >> (5a) Is the ".compat" section included in the image hashing? >> > > Yes. > >> (5b) Does the DXE core subject such non-native images to verification / >> measurement at all? (Sorry I didn't follow your original work on >> EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL.) >> > > Yes. They are treated entirely like ordinary images, with all the > policy checks regarding authentication and measurement. [...] Thank you! Laszlo