
Re: [XEN PATCH] sbat: Add SBAT section to the xen binary


  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Demi Marie Obenour <demiobenour@xxxxxxxxx>
  • Date: Thu, 1 May 2025 15:31:36 -0400
  • Delivery-date: Thu, 01 May 2025 19:31:15 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 5/1/25 7:34 AM, Andrew Cooper wrote:
> On 01/05/2025 11:49 am, Gerald Elder-Vass wrote:
>> The SBAT section provides a way for the binary to declare a generation
>> id for its upstream source and any vendor changes applied. A compatible
>> loader can then revoke vulnerable binaries by generation, using the
>> binary's declared generation id(s) to determine if it is safe to load.
>>
>> More information about SBAT is available here:
>> https://github.com/rhboot/shim/blob/main/SBAT.md
>>
>> Vendors should append a custom line onto sbat.csv(.in) with their vendor
>> specific sbat data.
>>
>> Populate the SBAT section in the Xen binary by using the information
>> in xen/arch/x86/sbat.csv.in
>>
>> Signed-off-by: Gerald Elder-Vass <gerald.elder-vass@xxxxxxxxx>
>> Signed-off-by: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>
>> Tested-by: Gerald Elder-Vass <gerald.elder-vass@xxxxxxxxx>
> 
> Thank you for starting to post these patches.
> 
> The commit message needs to state that SBAT is a revocation scheme for UEFI
> SecureBoot, and mandatory now if you want to get signed by Microsoft.
> This wants to be the first sentence, IMO.
> 
> That in turn also explains why it's in the EFI binary only, and
> discarded from the ELF binary.
> 
>> diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
>> index d902fb7accd9..6db7475c2c23 100644
>> --- a/xen/arch/x86/Makefile
>> +++ b/xen/arch/x86/Makefile
>> @@ -74,6 +74,7 @@ obj-$(CONFIG_TBOOT) += tboot.o
>>  obj-y += hpet.o
>>  obj-y += vm_event.o
>>  obj-y += xstate.o
>> +obj-y += sbat_data.o
> 
> These should be sorted by file name (although hpet.o is clearly out of
> order here).
> 
> Where possible, please use dash rather than underscore in filenames,
> although in this case I'd shorten it to just sbat.o and bypass that problem.
> 
>>  
>>  ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
>>  obj-y += domctl.o
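Review bot: `obj-y += sbat_data.o` links the object unconditionally into every build, and nothing in this hunk restricts it to the EFI image or drops the `.sbat` section from the ELF output, so that separation must be happening elsewhere (presumably the linker scripts) and the commit message should say where. Ordering the new line alphabetically among its neighbours would also match the surrounding list.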
>> @@ -277,6 +278,12 @@ $(obj)/efi.lds: AFLAGS-y += -DEFI
>>  $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE
>>      $(call if_changed_dep,cpp_lds_S)
>>  
>> +$(obj)/sbat.csv: $(src)/sbat.csv.in
>> +    sed "s/@@VERSION@@/${XEN_FULLVERSION}/" $< > $@
>> +
>> +$(obj)/sbat_data.o: $(obj)/sbat.csv
>> +    $(OBJCOPY) -I binary -O elf64-x86-64 --rename-section 
>> .data=.sbat,readonly,data,contents $< $@
>> +
>>  clean-files := \
>>      include/asm/asm-macros.* \
>>      $(objtree)/.xen-syms.[0-9]* \
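Review bot: `$(obj)/sbat.csv` depends only on `sbat.csv.in`, so a change to `XEN_FULLVERSION` alone will not regenerate it, and neither rule goes through the `if_changed` machinery the file already uses for `xen.lds`/`efi.lds` (`$(call if_changed_dep,cpp_lds_S)` just above), meaning a changed `sed` or `$(OBJCOPY)` command line will not trigger a rebuild either. The generated `$(obj)/sbat.csv` is also missing from the `clean-files` list that immediately follows. Consider adding it there and routing both recipes through `if_changed` with a stale-check on the version.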
>> diff --git a/xen/arch/x86/sbat.csv.in b/xen/arch/x86/sbat.csv.in
>> new file mode 100644
>> index 000000000000..7cdc33dbd998
>> --- /dev/null
>> +++ b/xen/arch/x86/sbat.csv.in
>> @@ -0,0 +1,2 @@
>> +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
>> +xen,1,Linux Foundation,xen,@@VERSION@@,https://xenproject.org/
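Review bot: the second line fixes `component_generation` at 1 and `vendor_name` at "Linux Foundation", yet the generation number is the field revocations key on, so the commit message should state who is expected to bump it and when. Since the message tells vendors to append their own line rather than edit this one, a comment or a clearly marked template in `sbat.csv.in` would make that expectation visible to downstreams at build time.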
> 
> I know this is what the SBAT spec says to do, but it's unworkable.
> 
> Upstream Xen cannot state or maintain a global generation ID on behalf
> of its downstreams.  This is true in general, not just for Xen.
> 
> For us (XenServer), this needs to be a line starting xen.xenserver,
> because we (and only we) know how our Xen is built and configured. 
> Every other downstream will need to do the same.
> 
> So, either we want just the SBAT line and nothing else, or we want some
> kind of "to be filled in by the OSV" info, to make it clear that people
> need to alter it.
> 
> When UEFI SecureBoot becomes security supported, the security team
> probably wants to note in XSAs whether the issue constitutes a breach of
> UEFI-SB, and remind downstreams to bump their generation IDs.

What about having both?

One of the goals of SBAT is to keep the size of revocations under control.
That requires as many downstreams as possible to share an SBAT section entry
so that a single revocation can be used for all of them.  If everyone uses
a different SBAT entry, does SBAT provide any functionality beyond meeting
Microsoft requirements?
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
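As an added illustration (not Xen's or shim's code) of the check the commit message describes and of the trade-off raised above: a small Python reading of the SBAT CSV from the patch, evaluated against a constructed revocation policy in the SbatLevel layout. The substituted version strings, the `xen.vendor` downstream line, its URL and the policy date stamps are all constructed assumptions.

```python
"""Parse a .sbat section and evaluate it against an SBAT revocation policy (added example)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class SbatEntry:
    component: str    # component_name, e.g. "xen" or a vendor-specific "xen.vendor"
    generation: int   # component_generation: the only field revocations key on
    vendor: str       # vendor_name
    package: str      # vendor_package_name
    version: str      # vendor_version (informational, never compared)
    url: str          # vendor_url


def parse_sbat(text: str) -> list[SbatEntry]:
    """Parse the 6-column CSV of a .sbat section; blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(",", 5)  # the URL may contain commas, so split at most 5 times
        if len(fields) != 6:
            raise ValueError(f"malformed SBAT line: {line!r}")
        name, gen, vendor, pkg, ver, url = fields
        entries.append(SbatEntry(name, int(gen), vendor, pkg, ver, url))
    return entries


def parse_policy(text: str) -> dict[str, int]:
    """Revocation policy: 'component_name,minimum_generation[,...]' per line."""
    policy = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            name, gen = line.split(",")[:2]
            policy[name] = int(gen)
    return policy


def revoked_components(entries: list[SbatEntry], policy: dict[str, int]) -> list[str]:
    """Components whose declared generation is below the policy minimum.
    A compatible loader refuses the binary when this list is non-empty."""
    return [e.component for e in entries
            if e.component in policy and e.generation < policy[e.component]]


# Constructed .sbat contents: the patch's two lines with @@VERSION@@ substituted, plus a
# downstream variant that appends its own vendor line as the commit message suggests.
UPSTREAM_SBAT = ("sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
                 "xen,1,Linux Foundation,xen,4.x-example,https://xenproject.org/\n")
DOWNSTREAM_SBAT = UPSTREAM_SBAT + "xen.vendor,1,Example Vendor,xen,4.x-example-1,https://vendor.example/\n"
```

With the shared `xen` line present, one policy entry `xen,2` revokes both binaries; if downstreams carried only their own `xen.vendor` lines, the policy would need a separate entry per vendor, which is the point made above about revocation size.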
