From: "Ard Biesheuvel"
Date: Sun, 18 Sep 2022 14:52:16 +0200
Subject: Re: measurement to command-line/initrd for loading kernel via -kernel option
To: "Xu, Min M"
Cc: Ard Biesheuvel, "devel@edk2.groups.io", "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Gerd Hoffmann

Hello Min Xu,

On Sat, 17 Sept 2022 at 04:53, Xu, Min M wrote:
>
> Hi, Ard
>
> I am checking the measurement behavior when loading the kernel via the QEMU -kernel option. I find it is implemented by the 2 drivers/libs below:
>
> - OvmfPkg/QemuKernelLoaderFsDxe
>
>   This is a separate DXE driver that exposes the virtual SimpleFileSystem implementation that carries the kernel and initrd passed via the QEMU command line.
>
> - OvmfPkg/Library/X86QemuLoadImageLib
>
>   This is the library that consumes the above driver and calls LoadImage/StartImage so that the kernel image gets authenticated and/or measured.
>
> See https://edk2.groups.io/g/devel/message/55381
>
> I have some questions about the implementation and need your help.
>
> 1. In the QemuKernelLoaderFsDxe, AllocatePool is called to allocate memory. Why not call AllocatePages? Kernel image size may be around 15 MB, but initrd size may be much bigger.
>

We use the same code for the command line, which may be much smaller than a page. On some architectures (AARCH64), page allocations may be rounded up to 64k multiples. Note that AllocatePool() will automatically fall back to AllocatePages() if the allocation is sufficiently large.

> 2. Kernel image is authenticated and/or measured in LoadImage. I am wondering if "command line" is measured as well? "Command line" can be treated as an external input and in my opinion it should be measured too.
>
> 3. The same question to initrd. Is it measured?

The initrd is measured by the EFI stub in Linux, and we are currently adding measurement of the load options to that as well:

https://lore.kernel.org/all/20220916081441.1993492-2-ilias.apalodimas@linaro.org/

The initrd is Linux specific in any case, so there, the Linux OS loader is a natural place to take care of this.

The load options are being added because of the oversight in the TCG spec, which only covers load options if they are part of a Boot#### option, but between LoadImage() and StartImage(), you can pass any load options you want via the loaded image protocol, so they need to be measured as well.
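The point of the exchange above (questions 2 and 3 and the reply) is that an input which is not measured leaves no trace in the PCRs, so an attacker who swaps it is invisible to remote attestation. The following model, added here as an example and not code from OVMF, the Linux EFI stub or the linked patch, simulates the hash-chain semantics of a TCG event log and PCR extend for the kernel image, the initrd and the load options. The PCR assignments (4 for the PE image, 9 for the initrd and load options), the event tag strings and the sample inputs are assumptions made for illustration.

```python
"""Model of TCG-style measurement of the boot inputs discussed in the thread.

Added example; not code from OVMF, the Linux EFI stub or the referenced patch.
Every measured input is hashed, the digest is appended to an event log and
folded into a PCR as PCR' = SHA256(PCR || digest).  PCR numbers and tag
strings below are assumptions, not the kernel's or firmware's own values.
"""
import hashlib
from dataclasses import dataclass, field

PCR_KERNEL = 4      # assumption: PE image measured by LoadImage() lands here
PCR_OS_INPUTS = 9   # assumption: EFI stub measures initrd/load options here
TAG_INITRD = b"Linux initrd"                    # assumed tag string
TAG_LOAD_OPTIONS = b"LOADED_IMAGE::LoadOptions"  # assumed tag string


@dataclass
class Event:
    pcr: int
    tag: bytes
    digest: bytes


@dataclass
class MeasuredBoot:
    # 24 SHA-256 PCRs, all starting at zero like a freshly reset TPM.
    pcrs: dict = field(default_factory=lambda: {i: bytes(32) for i in range(24)})
    log: list = field(default_factory=list)

    def extend(self, pcr: int, tag: bytes, data: bytes) -> bytes:
        """Hash `data`, extend `pcr` with the digest and record the event."""
        digest = hashlib.sha256(data).digest()
        self.pcrs[pcr] = hashlib.sha256(self.pcrs[pcr] + digest).digest()
        self.log.append(Event(pcr, tag, digest))
        return digest


def boot(kernel: bytes, cmdline: bytes, initrd: bytes,
         measure_load_options: bool = True) -> MeasuredBoot:
    """Simulate the measurement path: LoadImage() measures the kernel image,
    the EFI stub measures the initrd and (with the patch discussed above) the
    load options.  The flag shows what is lost when load options are skipped."""
    mb = MeasuredBoot()
    mb.extend(PCR_KERNEL, b"EV_EFI_BOOT_SERVICES_APPLICATION", kernel)
    mb.extend(PCR_OS_INPUTS, TAG_INITRD, initrd)
    if measure_load_options:
        mb.extend(PCR_OS_INPUTS, TAG_LOAD_OPTIONS, cmdline)
    return mb


def replay_log(log) -> dict:
    """Recompute PCR values from the event log alone, as a verifier would."""
    pcrs = {}
    for ev in log:
        prev = pcrs.get(ev.pcr, bytes(32))
        pcrs[ev.pcr] = hashlib.sha256(prev + ev.digest).digest()
    return pcrs


def log_is_consistent(mb: MeasuredBoot) -> bool:
    """True if replaying the log reproduces the PCR values the TPM holds."""
    replayed = replay_log(mb.log)
    return all(mb.pcrs[i] == v for i, v in replayed.items())


# Constructed sample inputs; these are not real images.
KERNEL = b"MZ" + b"\x00" * 62 + b"fake PE image"
INITRD = b"\x1f\x8b" + b"fake cpio.gz"
CMDLINE = b"console=ttyS0 root=/dev/vda1 ro"
CMDLINE_TAMPERED = CMDLINE + b" init=/bin/sh"

if __name__ == "__main__":
    good = boot(KERNEL, CMDLINE, INITRD)
    bad = boot(KERNEL, CMDLINE_TAMPERED, INITRD)
    print("PCR9 differs when load options are measured:",
          good.pcrs[PCR_OS_INPUTS] != bad.pcrs[PCR_OS_INPUTS])
    good_u = boot(KERNEL, CMDLINE, INITRD, measure_load_options=False)
    bad_u = boot(KERNEL, CMDLINE_TAMPERED, INITRD, measure_load_options=False)
    print("PCR9 identical when they are not:",
          good_u.pcrs[PCR_OS_INPUTS] == bad_u.pcrs[PCR_OS_INPUTS])
```

With `measure_load_options=False` the two boots produce identical PCR 9 values although one of them appends `init=/bin/sh`, which is exactly the gap the reply describes: load options handed over between LoadImage() and StartImage() are outside the Boot#### path and would otherwise never reach the log. The replay check also shows why the event log matters as much as the PCR value: a verifier needs the per-event digests to decide which command line and initrd were used, not merely that something was extended.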