From: "Ard Biesheuvel" <ardb@kernel.org>
To: "Xu, Min M" <min.m.xu@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
"Aktas, Erdem" <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>, "Lu, Ken" <ken.lu@intel.com>
Subject: Re: [edk2-devel] measurement to command-line/initrd for loading kernel via -kernel option
Date: Mon, 19 Sep 2022 08:58:32 +0200 [thread overview]
Message-ID: <CAMj1kXG7OSn9ypnN4tZGPH-RhqCBZjYNy6xZ2XU2Bvpnq+0X+A@mail.gmail.com> (raw)
In-Reply-To: <PH0PR11MB50640586CDB43B707746038BC54D9@PH0PR11MB5064.namprd11.prod.outlook.com>
On Mon, 19 Sept 2022 at 04:13, Xu, Min M <min.m.xu@intel.com> wrote:
>
> On September 18, 2022 8:52 PM, Ard Biesheuvel wrote:
> > Hello Min Xu,
> >
> > On Sat, 17 Sept 2022 at 04:53, Xu, Min M <min.m.xu@intel.com> wrote:
> > >
> > > Hi, Ard
> > >
> > > I am checking the measurement behavior when loading the kernel via the
> > QEMU -kernel option. I find it is implemented by below 2 driver/lib:
> > >
> > > - OvmfPkg/QemuKernelLoaderFsDxe
> > >
> > > This is a separate DXE driver that exposes the virtual SimpleFileSystem
> > implementation that carries the kernel and initrd passed via the QEMU
> > command line.
> > >
> > > - OvmfPkg/Library/X86QemuLoadImageLib
> > >
> > > This is the library that consumes above driver and call
> > LoadImage/StartImage so that the kernel image gets authenticated and/or
> > measured.
> > >
> > > See https://edk2.groups.io/g/devel/message/55381
> > >
> > >
> > >
> > > I have some questions about the implementation need your help.
> > >
> > > 2. Kernel image is authenticated and/or measured in LoadImage. I am
> > wondering if “command line” is measured as well? “Command line” can be
> > treated as an external input and in my opinion it should be measured too.
> > >
> > > 3. The same question to initrd. Is it measured?
> > >
> >
> > The initrd is measured by the EFI stub in Linux, and we are currently adding
> > measurement of the load options to that as well:
> > https://lore.kernel.org/all/20220916081441.1993492-2-
> > ilias.apalodimas@linaro.org/
> >
> > The initrd is Linux specific in any case, so there, the Linux OS loader is a
> > natural place to take care of this. The load options are being added because
> > of the oversight in the TCG spec, which only covers load options if they are
> > part of a Boot#### option, but between
> > LoadImage() and StartImage, you can pass any load options you want via the
> > loaded image protocol, so it needs to be measured as well.
> >
> Thanks Ard for the explanation.
> I was told that in grub boot cmd-line/initrd will be measured as well. So my question is that will they be measured twice? One in grub.efi, the other in efi-stub?
>
The EFI stub may be the only OS loader, so the EFI stub should measure
the command line and the initrd.
Whether or not a previous loader stage exists that may or may not
measure the same pieces is not for the EFI stub to reason about. And
in any case, measuring the same thing twice is much less of an issue
than not measuring it at all.
> My understanding is that the loader should take the responsibility to do the measurement.
> For grub boot, grub.efi is the loader so it measures kernel-image/cmd-line/initrd.
If the EFI stub is invoked, the EFI stub is the OS loader. We should
not be relying on the presence of absence of GRUB (or shim) in the
boot chain.
> For direct boot, TryRunningQemuKernel() now measures kernel image (in CoreLoadImage). Shall it also measure cmd-line/initrd in the same time?
>
No, I don't think it should. This is why we are adding this to the EFI
stub instead.
If we measure the initrd and command line in the EFI stub, we don't
have to measure it anywhere else, and we can use any generic EFI
loader on a measured boot system.
next prev parent reply other threads:[~2022-09-19 6:58 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-17 2:52 measurement to command-line/initrd for loading kernel via -kernel option Min Xu
2022-09-18 12:52 ` Ard Biesheuvel
2022-09-19 2:13 ` [edk2-devel] " Min Xu
2022-09-19 6:58 ` Ard Biesheuvel [this message]
2022-09-20 0:20 ` Min Xu
2022-09-20 12:29 ` Ard Biesheuvel
2022-09-20 12:55 ` Lu, Ken
2022-09-20 13:03 ` Ard Biesheuvel
2022-09-20 13:24 ` Lu, Ken
2022-09-20 13:43 ` James Bottomley
2022-09-20 14:34 ` Ard Biesheuvel
2022-09-20 14:51 ` Ard Biesheuvel
2022-09-20 15:14 ` Lu, Ken
2022-09-20 13:20 ` Gerd Hoffmann
2022-09-20 13:38 ` Lu, Ken
2022-09-20 14:18 ` Gerd Hoffmann
2022-09-20 14:30 ` Lu, Ken
2022-09-21 7:14 ` Gerd Hoffmann
2022-09-21 11:24 ` Lu, Ken
2022-09-21 12:27 ` Gerd Hoffmann
2022-09-21 15:41 ` Ard Biesheuvel
2022-09-23 9:34 ` Ilias Apalodimas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMj1kXG7OSn9ypnN4tZGPH-RhqCBZjYNy6xZ2XU2Bvpnq+0X+A@mail.gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox