[PATCH 0/3] discover: Check if the kernel image has Ultravisor support

Michael Ellerman michael at ellerman.id.au
Tue Sep 17 14:06:50 AEST 2019


Jeremy Kerr <jk at ozlabs.org> writes:
> Hi Maxiwell,
>
>> Looking at the kexec_load() function, I found the call to the
>> validate_boot_files() function, which checks whether both signature
>> verification and decryption are valid before continuing the boot.
>
> Yeah, that's a bit of a different mechanism - in that case it's up to
> petitboot to enforce a security policy.
>
>> > You're aware that petitboot is not only for POWER + ultravisor
>> > platforms, right? Your proposed patches would seem to break
>> > everything but that.
>> 
>> Oh, right. Petitboot must know that the environment is an
>> ultravisor-enabled system to check this capability.
>> 
>> So, are you suggesting not to touch the petitboot code and to move
>> this check to kexec or the kernel itself?
>
> I think that what we're trying to provide here is some debug-ability to
> the UV kernel boot failure. So perhaps it's better for petitboot (or
> whatever else) to provide a message about a potential future failure,
> rather than petitboot totally preventing boot here.
>
> We'll probably be able to get a better warning message if we do this
> check in petitboot (eg., it can be appropriately formatted and
> translated).
>
> So, let's keep the check in petitboot, but with a couple of changes:
>
>  - only run the check when we know we're on an ultravisor platform
>
>  - have it log a warning that gets to the petitboot UIs (using 
>    update_status()), rather than aborting the boot
>
> We may want this in powerpc-specific code, which might warrant a
> platform-specific hook to validate a boot payload, called from
> boot_process(). I'll leave it to you to pick the best place for that,
> but let me know if you need a hand navigating the code.
>
> Michael - does that work for you?

I think we should block booting by default, we know (or are quite sure)
that it's not going to work.

But there should then be some mechanism for a user to force the boot if
they think they know better than us.

cheers
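The two policies proposed in this thread (Jeremy's "warn via update_status() and continue" and Michael's "block by default, but let the user force the boot"), sketched as an added C example. This is not petitboot code: the type and function names below (uv_boot_ctx, check_uv_boot, uv_decide, the status callback) are assumptions standing in for whatever platform hook petitboot would actually use, and how "kernel image has UV support" is detected is left as an input flag because this message does not describe it.

```c
/* Added illustration of the boot-policy decision discussed on the list.
 * Not petitboot code; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum uv_policy {
    UV_POLICY_WARN,   /* log a warning to the UI, let the boot continue */
    UV_POLICY_BLOCK,  /* refuse the boot unless the user forces it */
};

enum uv_boot_result {
    UV_BOOT_OK,       /* nothing to report: not a UV platform, or kernel is fine */
    UV_BOOT_WARNED,   /* boot continues, but the user has been warned */
    UV_BOOT_BLOCKED,  /* boot refused */
};

struct uv_boot_ctx {
    bool platform_is_uv;   /* running on an ultravisor-enabled platform? */
    bool kernel_has_uv;    /* does the kernel image advertise UV support? (detection assumed) */
    bool user_force;       /* user explicitly asked to boot anyway */
    enum uv_policy policy;
    void (*update_status)(const char *msg); /* hypothetical stand-in for petitboot's UI status hook */
};

static void default_status(const char *msg)
{
    fprintf(stderr, "%s\n", msg);
}

/* Evaluate the policy for one boot attempt and report through the status hook. */
enum uv_boot_result check_uv_boot(const struct uv_boot_ctx *ctx)
{
    void (*status)(const char *) = ctx->update_status ? ctx->update_status
                                                      : default_status;

    /* Only run the check on ultravisor platforms, so nothing else is affected. */
    if (!ctx->platform_is_uv || ctx->kernel_has_uv)
        return UV_BOOT_OK;

    /* Warn-only policy, or an explicit user override of the block policy. */
    if (ctx->policy == UV_POLICY_WARN || ctx->user_force) {
        status(ctx->user_force
               ? "Kernel image lacks ultravisor support; booting anyway at user request"
               : "Warning: kernel image lacks ultravisor support; this boot will likely fail");
        return UV_BOOT_WARNED;
    }

    status("Refusing to boot: kernel image lacks ultravisor support "
           "(use the force option to override)");
    return UV_BOOT_BLOCKED;
}

/* Convenience wrapper so the decision can be exercised with plain arguments. */
enum uv_boot_result uv_decide(bool platform_is_uv, bool kernel_has_uv,
                              bool user_force, enum uv_policy policy)
{
    struct uv_boot_ctx ctx = {
        .platform_is_uv = platform_is_uv,
        .kernel_has_uv = kernel_has_uv,
        .user_force = user_force,
        .policy = policy,
        .update_status = NULL,
    };
    return check_uv_boot(&ctx);
}

int main(void)
{
    /* Constructed scenario: UV platform, kernel without UV support, block policy. */
    enum uv_boot_result r = uv_decide(true, false, false, UV_POLICY_BLOCK);
    printf("blocked: %s\n", r == UV_BOOT_BLOCKED ? "yes" : "no");
    return 0;
}
```

The early return on non-UV platforms is the part that addresses the "don't break every other platform" objection; which of the two policies to pick is exactly the open question at the end of the thread.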