Subject: Re: [edk2-devel] [GSoC proposal] Secure Image Loader
From: "Michael Brown" <mcb30@ipxe.org>
To: Marvin Häuser, devel@edk2.groups.io, Laszlo Ersek, Andrew Fish, Michael Kinney
Date: Thu, 8 Apr 2021 10:55:31 +0100
References: <471e56d3-934f-6bb3-52d7-4892f6a75509@ipxe.org> <3bfbdd8d-9417-77f4-6444-5841e685548f@posteo.de>

On 08/04/2021 10:41, Marvin Häuser wrote:
> No, backwards-compatibility will not be broken in the sense that the old API is absent or malfunctioning.

Perfect. :)

> As I *have* said, I imagine there to be an option (default true) to expose both variants.

Very much less perfect. The mere existence of such an option immediately reimposes the burden on external code to support both, because it opens up the possibility of running on systems where the option is set to false.

> With default settings, I want the loader to be at the very least mostly plug-'n'-play with existing platform drivers and OS loaders from the real world. "Mostly" can be clarified further once we have a detailed plan on the changes (and responses to e.g. malformed binary issues with iPXE and GNU-EFI).

Yes; thank you for https://github.com/ipxe/ipxe/pull/313. It will take some time to review.

As a practical consideration: unless there is a security reason to do otherwise, you should almost certainly relax the constraints on images that your loader will accept, to avoid causing unnecessary end-user disruption. What is the *security* reason behind your alignment requirements (which clearly are not required by any other toolchain, including those used for signing Secure Boot binaries)?

Thanks,

Michael