From: "Ard Biesheuvel"
Date: Mon, 19 Sep 2022 08:58:32 +0200
Subject: Re: [edk2-devel] measurement to command-line/initrd for loading kernel via -kernel option
To: "Xu, Min M"
Cc: "devel@edk2.groups.io", Ard Biesheuvel, "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Gerd Hoffmann, "Lu, Ken"

On Mon, 19 Sept 2022 at 04:13, Xu, Min M wrote:
>
> On September 18, 2022 8:52 PM, Ard Biesheuvel wrote:
> > Hello Min Xu,
> >
> > On Sat, 17 Sept 2022 at 04:53, Xu, Min M wrote:
> > >
> > > Hi, Ard
> > >
> > > I am checking the measurement behavior when loading the kernel via the QEMU -kernel option. I find it is implemented by below 2 driver/lib:
> > >
> > > - OvmfPkg/QemuKernelLoaderFsDxe
> > >
> > > This is a separate DXE driver that exposes the virtual SimpleFileSystem implementation that carries the kernel and initrd passed via the QEMU command line.
> > >
> > > - OvmfPkg/Library/X86QemuLoadImageLib
> > >
> > > This is the library that consumes above driver and call LoadImage/StartImage so that the kernel image gets authenticated and/or measured.
> > >
> > > See https://edk2.groups.io/g/devel/message/55381
> > >
> > > I have some questions about the implementation need your help.
> > >
> > > 2. Kernel image is authenticated and/or measured in LoadImage. I am wondering if “command line” is measured as well? “Command line” can be treated as an external input and in my opinion it should be measured too.
> > >
> > > 3. The same question to initrd. Is it measured?
> > >
> >
> > The initrd is measured by the EFI stub in Linux, and we are currently adding measurement of the load options to that as well:
> > https://lore.kernel.org/all/20220916081441.1993492-2-ilias.apalodimas@linaro.org/
> >
> > The initrd is Linux specific in any case, so there, the Linux OS loader is a natural place to take care of this.
> > The load options are being added because of the oversight in the TCG spec, which only covers load options if they are part of a Boot#### option, but between LoadImage() and StartImage, you can pass any load options you want via the loaded image protocol, so it needs to be measured as well.
> >
> Thanks Ard for the explanation.
> I was told that in grub boot cmd-line/initrd will be measured as well. So my question is that will they be measured twice? One in grub.efi, the other in efi-stub?
>

The EFI stub may be the only OS loader, so the EFI stub should measure the command line and the initrd. Whether or not a previous loader stage exists that may or may not measure the same pieces is not for the EFI stub to reason about. And in any case, measuring the same thing twice is much less of an issue than not measuring it at all.

> My understanding is that the loader should take the responsibility to do the measurement.
> For grub boot, grub.efi is the loader so it measures kernel-image/cmd-line/initrd.

If the EFI stub is invoked, the EFI stub is the OS loader. We should not be relying on the presence or absence of GRUB (or shim) in the boot chain.

> For direct boot, TryRunningQemuKernel() now measures kernel image (in CoreLoadImage). Shall it also measure cmd-line/initrd in the same time?
>

No, I don't think it should. This is why we are adding this to the EFI stub instead. If we measure the initrd and command line in the EFI stub, we don't have to measure it anywhere else, and we can use any generic EFI loader on a measured boot system.
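
Added example, not part of the message above and not code from edk2, GRUB or Linux: a small model of the trade-off the thread discusses, comparing a boot where no stage measures the command line and initrd, one where only the EFI stub does, and one where both GRUB and the stub do. The shared PCR index, the stage labels and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib

PCR = 9           # assumption: one PCR index shared by both stages, for illustration
ZERO = bytes(32)  # reset value of a SHA-256 PCR

# Constructed sample inputs (not taken from the thread).
INITRD = b"constructed-initrd-image"
GOOD_CMDLINE = b"console=ttyS0 root=/dev/vda1 ro"
ALTERED_CMDLINE = b"console=ttyS0 root=/dev/vda2 ro"

def extend(pcr, digest):
    """TPM extend operation: new PCR = H(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(log):
    """Recompute final PCR values from (pcr_index, stage, data) events."""
    pcrs = {}
    for index, _stage, data in log:
        pcrs[index] = extend(pcrs.get(index, ZERO), hashlib.sha256(data).digest())
    return pcrs

def boot_log(cmdline, initrd, grub_measures, stub_measures):
    """Event log for one boot; every stage that measures appends its own events."""
    log = []
    if grub_measures:
        log += [(PCR, "grub", cmdline), (PCR, "grub", initrd)]
    if stub_measures:
        log += [(PCR, "efi-stub", cmdline), (PCR, "efi-stub", initrd)]
    return log

def change_is_visible(grub_measures, stub_measures):
    """True if altering the command line changes the replayed PCR state."""
    good = replay(boot_log(GOOD_CMDLINE, INITRD, grub_measures, stub_measures))
    altered = replay(boot_log(ALTERED_CMDLINE, INITRD, grub_measures, stub_measures))
    return good != altered

def measured_by(log, data):
    """Stages whose events cover `data`, as a verifier walking the log would see."""
    return [stage for _index, stage, item in log if item == data]

if __name__ == "__main__":
    for grub, stub in [(False, False), (False, True), (True, True)]:
        print(f"grub={grub} stub={stub} change visible: {change_is_visible(grub, stub)}")
```

In this model the double measurement only changes the final PCR value, so a verifier that replays the event log handles both boot chains, while the chain in which nothing is measured cannot tell the two command lines apart.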