<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Yes?</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I think I asked Peter to add the defense in depth trap to prevent accidents.  If the chain of authentication is maintained throughout boot and ring 0 (or higher privilege) for the duration of the boot cycle, then you’ve likely satisfied
 the threat model.  At present, I believe the SHIM developers’ and review folks’ time is focused on revocation improvements to SHIM.</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Kind regards,</p>
<p class="MsoNormal">Jeremiah</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="border:none;padding:0in"><b>From: </b><a href="mailto:paul@paul-moore.com">Paul Moore</a><br>
<b>Sent: </b>Monday, December 7, 2020 07:58<br>
<b>To: </b><a href="mailto:fmartine@redhat.com">Javier Martinez Canillas</a>; <a href="mailto:pjones@redhat.com">
Peter Jones</a><br>
<b>Cc: </b><a href="mailto:william.c.roberts@intel.com">Roberts, William C</a>; <a href="mailto:efi@lists.einval.com">
efi@lists.einval.com</a>; <a href="mailto:James.Bottomley@hansenpartnership.com">
James Bottomley</a>; <a href="mailto:mjg59@google.com">Matthew Garrett</a>; <a href="mailto:nicolasoliver03@gmail.com">
nicolasoliver03@gmail.com</a><br>
<b>Subject: </b>Re: Adventures with the UEFI shim</p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On Wed, Dec 2, 2020 at 5:02 PM Paul Moore &lt;paul@paul-moore.com&gt; wrote:<br>
> On Wed, Dec 2, 2020 at 1:37 PM Javier Martinez Canillas<br>
> &lt;fmartine@redhat.com&gt; wrote:<br>
> > On 12/2/20 6:49 PM, Paul Moore wrote:<br>
> > > On Tue, Nov 24, 2020 at 1:58 PM Paul Moore &lt;paul@paul-moore.com&gt; wrote:<br>
> > >> On Tue, Nov 17, 2020 at 11:34 AM Paul Moore &lt;paul@paul-moore.com&gt; wrote:<br>
> > >>> Relying on the signed distro build highlights the idea that the<br>
> > >>> ExitBootServices check isn't critical to the UEFI SB security model;<br>
> > >>> the important authorization is the signature on the bootloader itself,<br>
> > >>> not whether or not the bootloader calls into the shim verification<br>
> > >>> protocol.<br>
> > >>><br>
> > >>> Regardless, as you said, this isn't our code, it would be nice to hear<br>
> > >>> a verdict from the shim maintainers on the ExitBootServices check.<br>
> > >><br>
> > >> Thoughts Peter?<br>
> > ><br>
> > > Peter?  Javier?  Any of the UEFI shim folks?<br>
> ><br>
> > I already gave you my opinion about it but I'm not that familiar with<br>
> > that part of the shim code to have an authoritative answer on this.<br>
><br>
> Thanks Javier.  Perhaps I should change my question slightly; who is<br>
> responsible for maintaining the UEFI shim, or in other words who is<br>
> going to make the final decision to accept or reject this?  Is that<br>
> Peter?<br>
<br>
Bueller?  Bueller?<br>
<br>
So nobody wants to claim responsibility here?  That isn't very reassuring ... ;)<br>
<br>
-- <br>
paul moore<br>
<a href="http://www.paul-moore.com/">http://www.paul-moore.com/</a><br>
<br>
_______________________________________________<br>
Efi mailing list<br>
Efi@lists.einval.com<br>
<a href="https://lists.einval.com/cgi-bin/mailman/listinfo/efi">https://lists.einval.com/cgi-bin/mailman/listinfo/efi</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>