On 17.09.2020 16:05, Trammell Hudson wrote:
> On Thursday, September 17, 2020 8:51 AM, Jan Beulich <jbeul...@suse.com>
> wrote:
>> On 14.09.2020 13:50, Trammell Hudson wrote:
>>> If secure boot is enabled, the Xen command line arguments are ignored.
>>> If a unified Xen image is used, then the bundled configuration, dom0
>>> kernel, and initrd are preferred over the ones listed in the config file.
>>> Unlike the shim based verification, the PE signature on a unified image
>>> covers all of the Xen+config+kernel+initrd modules linked into the
>>> unified image. This also ensures that properly configured platforms
>>> will measure the entire runtime into the TPM for unsealing secrets or
>>> remote attestation.
>>
>> The command line may also include a part handed on to the Dom0 kernel.
>> If the Dom0 kernel image comes from disk, I don't see why that part of
>> the command line shouldn't be honored. Similarly, if the config file
>> doesn't come from the unified image, I think Xen's command line options
>> should also be honored.
>
> Ignoring the command line and breaking the shim behaviour in a
> unified image should be ok; that is an explicit decision by the
> system owner to sign and configure the new image (and the shim
> is not used in a unified image anyway).
>
> If we have a way to detect a unified image early enough, then
> we can avoid the backwards incompatibility if it is not unified.

I was assuming this was easily possible, if necessary as about the first
thing we do. If it's not as easy, perhaps something wants adding to make
it so?

> That would require moving the config parsing to above the relocation
> call.

I guess I don't understand why this would be.

Jan