From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.7989.1663774890074528779
 for <devel@edk2.groups.io>;
 Wed, 21 Sep 2022 08:41:30 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=K1i0Bhfs;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 7362463128
	for <devel@edk2.groups.io>; Wed, 21 Sep 2022 15:41:29 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6D316C43141
	for <devel@edk2.groups.io>; Wed, 21 Sep 2022 15:41:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1663774888;
	bh=5OL/s5a0JptKheUomfuU66Sk0tOgkuFwv37chZfyMQM=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=K1i0BhfsMUIQcL3E1GUAxlfQR4kBhtS163/8PFXzAmcpkM6r229A/2DK9SbWilccc
	 BC2r6n9ccIE3c1Mp/LcZuh9Oo1xAtGRmw+1oeLoh7HXNEjeK1Wtu5JULvs6kpImq0j
	 wBHZoEOAFdDJMlntPjxwdhEeg6b7ckUIhJaEPxZhad3yr54p5jgAPtfBkR42PQM94J
	 /8jhJRx2R8NuvXd4jmEXDtYl97IER7a2fet9t72yOZf79/zmchgKSmwZZCbM4U96qr
	 +JC/yy3G4bVOgVGpEonYJo4OFFpxTIBOAj8yM9yPUYvh6Ttwm3s9aYsxHbVPIen+/K
	 PenaRXAn3gHeg==
Received: by mail-lj1-f171.google.com with SMTP id s10so7514047ljp.5
        for <devel@edk2.groups.io>; Wed, 21 Sep 2022 08:41:28 -0700 (PDT)
X-Gm-Message-State: ACrzQf27gKCSy0Koty/piU7jaHblKRlJoMW3Vk4E6Kf9uYzOoxf7wY8w
	y2kuwehOFC1X8h+62s4+A/NxXMJg5+uwZPjQrTc=
X-Google-Smtp-Source: AMsMyM5ZetkYpKdSadkddHJX/Eu7gUbqb59etjqxWNn0MW/H7+bjpVxr/033/T5lPgyFIWORyZhTHfsT8Scp4UkOjFY=
X-Received: by 2002:a05:651c:1a26:b0:26c:4c0d:b10a with SMTP id
 by38-20020a05651c1a2600b0026c4c0db10amr5685704ljb.415.1663774886310; Wed, 21
 Sep 2022 08:41:26 -0700 (PDT)
MIME-Version: 1.0
References: <CAMj1kXEVvOWPdVr6VrsCGR1LnVBZvepLcVOpBXqS6zGj-h23Qw@mail.gmail.com>
 <PH0PR11MB50640586CDB43B707746038BC54D9@PH0PR11MB5064.namprd11.prod.outlook.com>
 <CAMj1kXG7OSn9ypnN4tZGPH-RhqCBZjYNy6xZ2XU2Bvpnq+0X+A@mail.gmail.com>
 <DM6PR11MB3674766FF339E5C4E3BB1551984C9@DM6PR11MB3674.namprd11.prod.outlook.com>
 <20220920132027.y4yz4ugghpilqplx@sirius.home.kraxel.org> <DM6PR11MB3674A579D2F63A8A26F4E1F1984C9@DM6PR11MB3674.namprd11.prod.outlook.com>
 <20220920141823.byhnbirfnl777jql@sirius.home.kraxel.org> <DM6PR11MB36749B88FC1F1B8413413861984C9@DM6PR11MB3674.namprd11.prod.outlook.com>
 <20220921071409.5oziya6kcfvkkkp7@sirius.home.kraxel.org> <BN8PR11MB3666B670948C83356604869A984F9@BN8PR11MB3666.namprd11.prod.outlook.com>
 <20220921122706.itqekzbwmjt6brns@sirius.home.kraxel.org>
In-Reply-To: <20220921122706.itqekzbwmjt6brns@sirius.home.kraxel.org>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Wed, 21 Sep 2022 17:41:14 +0200
X-Gmail-Original-Message-ID: <CAMj1kXFLMNZLdd+Rm2EnhxJrnG2kahXgjA=AM2vFm08AkuXt4w@mail.gmail.com>
Message-ID: <CAMj1kXFLMNZLdd+Rm2EnhxJrnG2kahXgjA=AM2vFm08AkuXt4w@mail.gmail.com>
Subject: Re: [edk2-devel] measurement to command-line/initrd for loading kernel via -kernel option
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: "Lu, Ken" <ken.lu@intel.com>, "Xu, Min M" <min.m.xu@intel.com>, 
	Daniel Kiper <daniel.kiper@oracle.com>, "devel@edk2.groups.io" <devel@edk2.groups.io>, 
	Ard Biesheuvel <ardb+tianocore@kernel.org>, "Aktas, Erdem" <erdemaktas@google.com>, 
	James Bottomley <jejb@linux.ibm.com>, "Yao, Jiewen" <jiewen.yao@intel.com>
Content-Type: text/plain; charset="UTF-8"

On Wed, 21 Sept 2022 at 14:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Wed, Sep 21, 2022 at 11:24:11AM +0000, Lu, Ken wrote:
> > >
> > > > But either in GenericQemuLoadImageLib, it can do measurement for
> > > command line and initrd, correct?
> > >
> > > Yes, it could.  But why given that the linux kernel efi stub measures anyway?
>
> > If the final decision is the measurement should be done by efi stub in
> > Linux kernel.
>
> The reference should be the workflow when you boot linux from efi shell
> or using a BootNNNN entry.  Which I think is:
>
>   (1) linux kernel is loaded + measured via Loadimage().
>   (2) linux kernel is started via efi stub entry point.
>   (3) linux kernel efi stub loads and measures the initrd.
>
> Not fully sure about the command line measurement, IIRC Ard described
> that in one of the replies.
>

If the image was booted from a BootNNNN entry, the entire variable
will be measured into the TPM, including the load options aka command
line.

If you use the shell or another loader that has no explicit awareness
of secure boot or measured boot, the load options are not measured at
all.

> > Do we also need remove today's measurement in Grub (I
> > have submitted some patch for TDX in grub...)?
>
> Those patches are perfectly fine, tpm measurement and tdx measurement
> should be consistent.  In case the grub measurement workflow needs
> changes to avoid double measurements (not sure this is actually the
> case) those changes should apply to both tpm and tdx.
>

Agreed. I think the decision what to measure and what not to measure
is orthogonal to the type of measured boot that is being used.

> > According to Bottomley, the same measurement should not be done twice.
>
> Yes, this is the way it should be, although the current state of affairs
> is a bit messy and I think we are a bit away from that ideal.
>
> > Or only the one who use GenericQemuLoadImageLib, will give the Linux
> > kernel efi stub for measure?
>
> I think we don't have to do anything special in GenericQemuLoadImageLib
> because the lib uses Loadimage() which should handle measurement.
>