
Re: [PATCH v4 4/4] efi: Do not use command line if secure boot is enabled.



On 16.09.2020 10:50, Trammell Hudson wrote:
> On Wednesday, September 16, 2020 3:45 AM, Roger Pau Monné 
> <roger.pau@xxxxxxxxxx> wrote:
>> On Mon, Sep 14, 2020 at 07:50:13AM -0400, Trammell Hudson wrote:
>>> If secure boot is enabled, the Xen command line arguments are ignored.
>>> If a unified Xen image is used, then the bundled configuration, dom0
>>> kernel, and initrd are preferred over the ones listed in the config file.
>>
>> I understand that you must ignore the cfg option when using the
>> bundled image, but is there then an alternative way for passing the
>> basevideo and mapbs parameters?
> 
> The cfg option will be ignored regardless since a bundled config
> (or kernel, ramdisk, etc) takes precedence over any files,
> so perhaps parsing the command line is not as much of a risk
> as initially thought.
> 
> The concern is that *any* non-signed configuration values are
> potentially a risk, even if we don't see exactly how the attacker
> can use them right now. Especially if an option is added later
> and we haven't thought about the security ramifications of it.
> 
>> Or there's simply no way of doing so when using secure boot with a
>> bundled image?
> 
> Should these options be available in the config file instead?
> That way the system owner can sign the configuration and ensure
> that an adversary can't change them.

Not really, no. /basevideo needs evaluating very early in any event,
before any (regular) output gets produced. /mapbs could be parsed
later, but the early boot code intentionally does not make any
attempt at parsing the command line options designated for the
common parts of xen.gz and xen.efi. Yet the map_bs variable has one
use in early boot code (i.e. before handing over to __start_xen()).

Jan



 

