On 12.06.2025 09:50, Marek Marczykowski-Górecki wrote:
> On Thu, Jun 12, 2025 at 12:58:51AM +0100, Andrew Cooper wrote:
>> Several things are hard to express and want further discussion.  Suggestions
>> welcome:
>>
>> 1) Content of CONFIG_CMDLINE and the various CONFIG_*_DEFAULT options.  Xen is
>> not going to be issuing XSAs for "downstream chose an unsafe configuration,
>> then signed and deployed the result", yet Xen probably should be on the hook
>> for bad "default ..." settings in Kconfig.
> 
> Should there be some guidelines on what values are/aren't safe for UEFI SB?
> I don't think there can be a simple list, for example some things may
> depend on other settings and/or whether UKI is involved. But some
> comment about relation to UEFI SB (in Kconfig help?) would be useful.
> As for CONFIG_CMDLINE, IIUC the current implementation does cover it too
> (as in, lockdown mode will filter built-in cmdline too).

For command line options I think the doc ought to include some form of
annotation, at least in one direction (permitted or not permitted).

For Kconfig it's less clear to me what an "insecure default" could be.

Jan
