[PATCH 0/3] discover: Check if the kernel image has Ultravisor support

Jeremy Kerr jk at ozlabs.org
Fri Sep 13 09:37:32 AEST 2019


Hi Maxiwell,

> Looking at the kexec_load() function, I found the call to the
> validate_boot_files() function, that checks if both signature
> verification and decryption are valid to keep the boot.

Yeah, that's a bit of a different mechanism - in that case it's up to
petitboot to enforce a security policy.

> > You're aware that petitboot is not only for POWER + ultravisor
> > platforms, right? Your proposed patches would seem to break
> > everything but that.
> 
> Oh, right. The petitboot must know that the environment is an
> ultravisor-enabled system to check this capability.
> 
> So, are you suggesting to not touch the petitboot code and move
> this check to kexec or kernel itself?

I think that what we're trying to provide here is some debug-ability to
the UV kernel boot failure. So perhaps it's better for petitboot (or
whatever else) to provide a message about a potential future failure,
rather than petitboot totally preventing boot here.

We'll probably be able to get a better warning message if we do this
check in petitboot (eg., it can be appropriately formatted and
translated).

So, let's keep the check in petitboot, but with a couple of changes:

 - only run the check when we know we're on an ultravisor platform

 - have it log a warning that gets to the petitboot UIs (using 
   update_status()), rather than aborting the boot

We may want this in powerpc-specific code, which might warrant a
platform-specific hook to validate a boot payload, called from
boot_process(). I'll leave it to you to pick the best place for that,
but let me know if you need a hand navigating the code.

Michael - does that work for you?

Cheers,


Jeremy



