[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Working Group for Secure Boot

  • To: Bob Eshleman <bobbyeshleman@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 12 Mar 2021 15:12:13 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FnjvWAL84YNJo6CW6NB//XIqNn1d9e6sefYi5QjcG08=; b=NA6Eaa4a2C44WufLjyYF9gsb/unwYf6YHkU7r0R+6YELv9cchqu8FA65YE7JXeS6og/SzcZu8wuSLNVLpUJ+q1g5oVsOC/umnUoIxtzScJh69b6rnEWpGz+OS2wakIb0OlUZcG9LnOsvCPqa4jmaI6nUflBKWwg1y4ELa9kuWvCgLWCG+SBeBjZ/yUPq6SP8+gBa+Mkbcn13Kh760xpiZhZDVmPzsT7a3XoJKGtou56GYz2lGHG6YmLmuyiSz+AyyePhM/MiAguqLdFLAHhJ5FiIM+G2hJXIR4AdB0kTjx76WBiLRasD8muYAqxHku2KAgIiHrqoNUAhv3tb46BZhQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Qq7pQcKKEvuQ5De2TEsW+pKtolnf4IkLDhrdAr1f9rXNbep6AU7kIg181ysLciwBhbYVXY4WsS4FQ5+lL8HNgnZjSR2z0RqyECekGylKiOWixiW80TUuKN/OVXpweRkRniAaA8bLQMwicem6H+Ehpdr9jNBmkzDKxlifJg6t21K/QmmVhLqu4Q1fDF8L0aT50zHqrVjNtqRGHrcGQsP3z67YuXdIMsHxdY5LweuzfUo3WXIFkn1qYTs7vKUJTDpTExeBYPleLdfqnhNBCwnpWCmeC6qgNyYd7H8etvaKJYsm9m7XjSYeU6ejUeiPOdV+gBc9oIM44Q2NO2r1Wp0/gw==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, <piotr.krol@xxxxxxxxx>, Olivier Lambert <olivier.lambert@xxxxxxxx>
  • Delivery-date: Fri, 12 Mar 2021 15:12:38 +0000
  • Ironport-hdrordr: A9a23:Pmldb6mTbIqaulcREzO46x9bEObpDfOBj2dD5ilNYBxZY6Wkvu iUtrAyyQL0hDENWHsphNCHP+26TWnB8INuiLN/AZ6LZyOjnGezNolt4c/ZwzPmEzDj7eI178 tdWoBEIpnLAVB+5PyW3CCRD8sgzN6b8KqhmOfZyDNXQRt3brx7hj0ZNi+wOCRNNW17LLA+E4 eR4dcCgjKmd2geYMjTPAh7Y8HoodrXmJX6JSMcDxk85wWUyR+u4rj2Ex+Xty1uLw9n67Ek7G TDjkjF9ryu2svLtyP0+k3yy9BtmNXnwsZeH8DksKYoAxjllwrAXvUYZ5SspzYwydvfjmoCsN 6JmBs4OtQ21nW5RBDOnTLI+y3NlAkj8GXjz1jwuwqRneXcSCghA8RMwaJ1GyGpknYIh9133K JV02/xjfM+Znmh7UeNkuTgbB1kmlG5pnAvi4co/htieLATdaNLqsgn9F5Vea1wbB7S0pwtE+ VlEajnlZRrWG6dBkqp21VH/MahRTAaEBuAXyE5y7eo+gkTtnV4w0wE/dcYj3cN+bksIqM0lt jsA+BGkqpDQdQRar84LOAdQdGvAmiIeh7UNnmOSG6XW50vCjbokdra8b817OaldNghy4Yzoo 3IVBd9uXQpc0zjJMWS1PRwg17waVT4eQ6o5tBV5pB/tLG5bqHsKze/RFcnlNbli+kDA+XAMs zDe65+MrvGFy/DCIxJ1wrxV915Mn8FSvAYvd49Rhanvt/LEIv3rebWGcyjZIbFIHIBYCfSE3 EDVD/8KIFr9UawQEL1hxDXRjfDYUr60ZVsELXL3uQaxYQXX7c89zQ9uBCc3IWmODdCuqs5cA 9VO7X8iJ62omGw4CLp4gxSS15gJ3cQxI+lf2JBpAcMPU+xW60Eoc+jdWdb22bCAhd+SsjRAT NOvlgfw9PxE7WggQQZT/63OGOTiHUe4FiQSY0Hp6GF7cD5PrQ1E4ghQ640MQnQDRR6lUJLpQ 54GU45b36aMgmrpbSujZQSCu2aXcJ7mh2XLcldrm+ak16dq8EpTn4yRCWvTsaTvAYrS1Nv9x 9M2p5apIDFtSekKGM5juh9GkZLcn6rDLVPCxnAWJ9ZgYnxeAZ7TX6DgBuTjx1bQButy2wiwk jaaQGEc/DCBVRQ/lRVyLzj/l9PemKBRE5ocXxhvYphFWPJh2Zr3YawF9iO+lrUTmFH7vAWMT nDbzdXGA9oytyt/DO+mTqJFxwdt98TF92YKI5mX6DY23urJoHNqLoPGOVM+o15cPr0tPUQbO 6ZcwiJDT/xBu8zwTaJrnI9NCQckgh8rdrYnDneqESo1n82BvTfZGl8T7YAOteG8izKQe2L3J gRt6N9gcKAdkHKLviIxqHcY2Qddlf9oWuqQ/oprp4Rl6Qor7d3F4TaVzyN9Hwv5mRIEO7E0G clBIJ86/T9H6UqWeo4USdQ5EAom9SCN1FDiH28PsYOOXUWy0bGNNaI6YfSobUhAke9tBL9UG PvhxF1zrPgZW+/zrYUBKI7HHROZGU94Hpk+vmed4e4MnTdS8hzuH67OGS6arlTVeysHqgRtA 9z57iz7qKqXhu9/ADbpj1gJK1St06hXMOpGQqJXcpF6cazN1jJoqyk5qeI/XvKYAr+T0QTno tec0MMKuxFlzk5lYUylhGIdZafmDNsr3JupRd9llDs3YC64GDUWWF+WDep/Kl+bH10KXiHjc PM7O6C8m/yiQI1gaX+KA==
  • Ironport-sdr: jdBUaSxV4KDSvVN9ShbE4iDlU0z3LyG6iyIS54CGYGyCE0OrLsAhlHMjfEnpT6EelKDFc4NEkb hn6znnPQ0aBlDozTW0QECap3B0p9q/PzlC6seEZQMyn399t3jsNDKf0VpjXovOFMSxZGxKFecg gz+NiriHnCS0DCzLN0hsVX3WI4v/SXTHW8qhDf7cC8/CdCve411bxRlPomjjraVVG4BJXSXq2e alzqSLlENSAeqon+rIT1RhyQjNemEEMIT6SMw6Mf9vFaLl/U5POLmgJCAp00ce7c/t2oRHjzuA sXU=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11/03/2021 18:34, Bob Eshleman wrote:
> Hey all,
>
> We would like to start a working group for secure boot support in Xen
> to coordinate the various interested parties and set out a plan for
> the feature and its implications for the whole Xen system.
>
> The end goal is a full implementation that restricts the interfaces
> dom0 has to affect Xen, akin to Linux's lockdown LSM.  This implicates
> important parts of the ABI (e.g., /dev/xen/privcmd/) and so will
> require input from the greater community.
>
> I'm not familiar with how working groups function in the Xen project,
> so this email also opens the floor for suggestions as to how this might
> be managed.
>
> We'd love to hear from anyone interested in such a group and how the
> community as a whole feels about such an effort.

Count me in.  This is years and years overdue.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.