Xen project Mailing List

Re: Working Group for Secure Boot

To: Bob Eshleman <bobbyeshleman@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 12 Mar 2021 17:06:23 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FPS0+tf586JHmAWGdHQRB80+GLdISvZU62xO+Jbs9fo=; b=QMO8N/sQhD5WCVOD08TE42zDWk5qjl69PtvHo8uNE/i2xpBeCeaWYJyf1s7gfXZRGq7EFMPQY67oyzIOpUM5wcb7s/sMDLLIC+Ng2dFweTe6YBrwgoz1O2hsu5t6tcgpHeTsCcejb9OAV/PXE7qZTTrbIYXTfeunkor7QS1++lh8aXvaHMCLVQhJUWshyqrmT6ZBCF+mNZoVjgJw4RAafBP+uTZsjqhB/WpSUlrQsTZ2BQTy5HKqX/l+ZbeCu4LVDZ8PYuJtKNrlebbzu+RX1I6hEYfMl740DcjQHTIIE8N3nRoD/ru4WB6bPKctBZxrOnQ+wPpRP7g5wx+Zmb83Wg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xt3Z2aYzZQNf2zWm1hG/7eBUcRicSGmOICFQn2WA397X91HOYteQVjpyJLNdLpENkDDYUzFZChjrSiXZYca17/4iRn50OhsAJY5i1hLrz3xGmSNQDjWJvUYGlotJvNRi3YmV6G/FdK/uNVd8nJtgvS15g+/2wtPNJphOrTON3z4amVdVoTHPsjf0JEy782AyfbSHUG+74tANnQKdPFd4R01/jNFg3y2CSXWG9yrAbfCLp8ZJYczzMBnhlPP5Wdr4WooGma0KCDphuk1KJvToGRUdIx0q8OGbcq0cewR0TVccWrGPYJCGaDOHfvsmfujf0fvbNxwuh41Au4YahZKWUA==

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Roman Shaposhnik <roman@xxxxxxxxxx>

Delivery-date: Fri, 12 Mar 2021 17:06:42 +0000

Ironport-hdrordr: A9a23:WyxUxKuVxTYlttMbp3hIMR8/7skC/YYji2hD6mlwRA09T+WxrO rrtOgH1BPylTYaUGwhn9fFA6WbXXbA7/dOj7U5FYyJGC3ronGhIo0n14vtxDX8Bzbzn9Qz6Y 5JSII7MtH5CDFB4frSyBWkEtom3dmM+L2pg+Cb9Ht2UQR2cchbjztRICzzKDwQeCBtA50lGJ 2Aou9OoDS9cXoaB/7LeEUtde7FutHNidbaehYAHREq802jijmv5b78HXGjr2gjehlIxqov9n WArhzh6syYwo2G4zL/90uW1ZRZn9P91sBObfbstuE5Iijh4zzYH7hJdKaFuFkO0ZiSwXYs1O LBuhIxe/l0gkmhA12dhTvI903e3C0163nkoGXo80fLhcDiXjo1B45gqOtiA2PkwnEttt19z6 5Htljx3/E8YGKi7UaNk+TgbB1kmlG5pnAvi4co/hpieLATdaNLqsgn9F5Vea1wbx7S0pwtE+ VlEajnlZNrWG6dBkqp2lVH/MahRTAaEBuAXyE5y7ao+gkTtnV4w0wE/dcYj3cN+bksIqM0l9 jsA+BGkqpDQdQRar84LOAdQdGvAmiIeh7UNnmOSG6XW50vCjbokdra8b817OaldNghy4Yzoo 3IVBd9uXQpc0zjJMWS1PRwg17waVT4eQ6o5tBV5pB/tLG5bqHsKze/RFcnlNbli+kDA+XAMs zDe65+MrvGFy/DCIxJ1wrxV915Mn8FSvAYvd49Rhanvt/LEIv3rebWGcyjZIbFIHIBYCfSE3 EDVD/8KIFr9UawQEL1hxDXRjfDYUr60ZVsELXL3uQaxYQXX7c89zQ9uBCc3IWmODdCuqs5cA 9VO7X8iJ62omGw4CLp4gxSS15gJ3cQxI+lf2JBpAcMPU+xW60Eoc+jdWdb22bCAhd+SsjRAT NOvlgfw9PxE7WggQQZT/63OGOTiHUe4FiQSY0Hp6GF7cD5PrQ1E4ghQ640MQnQDRR6lUJLpQ 54GU45b36aMgmrpbSujZQSCu2aXcJ7mh2XLcldrm+ak16dq8EpTn4yRCWvTsaTvAYrS1Nv9x 9M2p5apIDFtSekKGM5juh9GkZLcn6rDLVPCxnAWJ9ZgYnxeAZ7TX6DgBuTjx1bQButy2wiwk jaaQGEc/DCBVRQ/lRVyLzj/l9PemKBRE5ocXxhvYphFWPJh2Zr3YawF9+O+lrUTmFH7vAWMT nDbzdXGA9oytyt/DO+mTqJFxwdt98TF92YKI5mX6DY23urJoHNqLoPGOVM+o15cPr0tPUQbO 6ZcwiJDT/xBu8zwTaJrnI9NCQckgh8rdrYnDneqE620340DaCMfBBIR7QHL8qd6GahbfCSy5 l9hc80u+z1EmiZUK/x9YjnKxp4bjXUqiqKasttj7Z+l6c7rqFyEJnWSiGg7gAN4DwOaOPP0H oDS6F66o3bMoBhf8YuaztUl2BZ4+inHQ8OiEjKGecwclEmsm/DM/6I67TOr6AzAkfpnnq4BX Cvtwlc9ezCRS2NyPozDL8xO31fbCEHmTlf1dLHU43bEwOxce5fuHK8L3+mabdYDIyIA68ZoB o/w9aGmYasBmbF8TGVmTtwOaRV9Wm7Beu0HQKXAOZNt+WABm7kuNrj3OeDyBHtSTW6bEwEhY pKMWwoB/4z+wUKvckQySi9Sqv+v0Q/tUBRiAsXzmLQ5g==

Ironport-sdr: gDh6nzH+vkJ0PRgMGkGML0Uae8NB6cr3Vjzv7qUkDZtcdtgZ1K0FO+zoKEi08++lbRuGgGMrOw 9j3TwI7YwLshqvoc3SwpNSVglIotjeZiyGOKSe5X7W5WB/JHRJn+wS4eac7AzyVCJgI8QwLiUN ZVRtD83JWPfnAlsifDA5QhBC9lagwhqEG2VHd7lgBJHrOnlG9fVMwa8fxHd5vt5cUzlW24spHX 4BAP7POYEBu7lIPB2Zfwv10Ozs6Z4bolTSGH5E2defiijz++Jua/4cJLSFDTe6fFLVzrTWyL6K R18=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 11/03/2021 18:34, Bob Eshleman wrote: > Hey all, > > We would like to start a working group for secure boot support in Xen > to coordinate the various interested parties and set out a plan for > the feature and its implications for the whole Xen system. > > The end goal is a full implementation that restricts the interfaces > dom0 has to affect Xen, akin to Linux's lockdown LSM. This implicates > important parts of the ABI (e.g., /dev/xen/privcmd/) and so will > require input from the greater community. > > I'm not familiar with how working groups function in the Xen project, > so this email also opens the floor for suggestions as to how this might > be managed. > > We'd love to hear from anyone interested in such a group and how the > community as a whole feels about such an effort. > > Best regards. CCing Roman as I expect he'll be interested too. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.