From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.61])
 by mx.groups.io with SMTP id smtpd.web12.180.1581716623845995306
 for <devel@edk2.groups.io>;
 Fri, 14 Feb 2020 13:43:44 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UnpW/7Rc;
 spf=pass (domain: redhat.com, ip: 205.139.110.61, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1581716623;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=QT6DxbsPaIdd2cDcMBYwele1Wkg46MVmKXdWDFCNFJ8=;
	b=UnpW/7RcqH78JFzJlD0LvD9grCmXq1a6oJXi2evOV1G03ZEg4Q2Ir+4ZT6X9jllvGTKhiX
	G/QuTcN9vZlBX+gDHBKMyMbeK7Y8qVq0CA1+jYh76Nin+DoOErtDtQiAy1OdPaP6YMg1BT
	qGIsDop/4+kMxby3+7kTjFbeX3gGieg=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-128-klls5icEPG-YinIZx0QV-w-1; Fri, 14 Feb 2020 16:43:38 -0500
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1B895107ACC4;
	Fri, 14 Feb 2020 21:43:37 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-153.ams2.redhat.com [10.36.116.153])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 3FB3D83865;
	Fri, 14 Feb 2020 21:43:35 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH 1/1] OvmfPkg IA32: add support for loading X64 Linux images
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Leif Lindholm <leif@nuviainc.com>, Peter Jones <pjones@redhat.com>,
 Matthew Garrett <mjg59@google.com>, Alexander Graf <agraf@csgraf.de>,
 Daniel Kiper <daniel.kiper@oracle.com>, Arvind Sankar <nivedita@alum.mit.edu>
References: <20200214114155.22859-1-ard.biesheuvel@arm.com>
 <8f18a788-91bd-63c7-447a-c28fa3613e6d@redhat.com>
 <CAKv+Gu-twaeZxhSDFeG1AM+JPHrfe_146cyvniU+6zFX_Ffsww@mail.gmail.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <4715e9d7-ebfa-7ae6-86f9-0f7c3c761416@redhat.com>
Date: Fri, 14 Feb 2020 22:43:34 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAKv+Gu-twaeZxhSDFeG1AM+JPHrfe_146cyvniU+6zFX_Ffsww@mail.gmail.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-MC-Unique: klls5icEPG-YinIZx0QV-w-1
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

On 02/14/20 16:05, Ard Biesheuvel wrote:
> On Fri, 14 Feb 2020 at 15:45, Laszlo Ersek <lersek@redhat.com> wrote:

>> (5) Can you please explain how EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL
>> relates to Secure Boot and/or Trusted Boot?
>>
>> (5a) Is the ".compat" section included in the image hashing?
>>
> 
> Yes.
> 
>> (5b) Does the DXE core subject such non-native images to verification /
>> measurement at all? (Sorry I didn't follow your original work on
>> EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL.)
>>
> 
> Yes. They are treated entirely like ordinary images, with all the
> policy checks regarding authentication and measurement.

[...]

Thank you!
Laszlo