Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE

From:	Ross Lagerwall
Subject:	Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type
Date:	Thu, 14 Mar 2024 09:30:54 +0000

On Thu, Mar 14, 2024 at 7:24 AM Jan Beulich <jbeulich@suse.com> wrote:
>
> On 13.03.2024 16:07, Ross Lagerwall wrote:
> > In addition to the existing address and ELF load types, specify a new
> > optional PE binary load type. This new type is a useful addition since
> > PE binaries can be signed and verified (i.e. used with Secure Boot).
>
> And the consideration to have ELF signable (by whatever extension to
> the ELF spec) went nowhere?
>

I'm not sure if you're referring to some ongoing work to create signable
ELFs that I'm not aware of.

I didn't choose that route because:

* Signed PE binaries are the current standard for Secure Boot.

* Having signed ELF binaries would mean that code to handle them needs
to be added to Shim which contravenes its goals of being small and
simple to verify.

* I could be wrong on this but to my knowledge, the ELF format is not
being actively updated nor is the standard owned/maintained by a
specific group which makes updating it difficult.

* Tools would need to be updated/developed to add support for signing
ELF binaries and inspecting the signatures.

I am open to suggestions of course but I'm not sure what benefits there
would be to going the ELF route.

Ross

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/7] GRUB: Supporting Secure Boot of xen.gz, Ross Lagerwall, 2024/03/13
- [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Ross Lagerwall, 2024/03/13
  - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Jan Beulich, 2024/03/14
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Damien Zammit, 2024/03/14
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Vladimir 'phcoder' Serbinenko, 2024/03/14
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Ross Lagerwall <=
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Jan Beulich, 2024/03/14
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Ross Lagerwall, 2024/03/14
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Jan Beulich, 2024/03/14
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Roger Pau Monné, 2024/03/19
  - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Roger Pau Monné, 2024/03/19
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Ross Lagerwall, 2024/03/19
    - Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type, Roger Pau Monné, 2024/03/20
- [PATCH 3/7] multiboot2: Add support for the load type header tag, Ross Lagerwall, 2024/03/13
  - Re: [PATCH 3/7] multiboot2: Add support for the load type header tag, Vladimir 'phcoder' Serbinenko, 2024/03/15
    - Re: [PATCH 3/7] multiboot2: Add support for the load type header tag, Ross Lagerwall, 2024/03/28

Prev by Date: Re: [PATCH] Support dropin files for Linux kernel parameters
Next by Date: Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type
Previous by thread: Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type
Next by thread: Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type
Index(es):
- Date
- Thread