I have some questions regarding SecureBoot and Xen. The only document that appears to define some sort of policy between Xen and SecureBoot is this one https://andrewcoop-xen.readthedocs.io/en/docs-secureboot/admin-guide/uefi-secure-boot.html. That is also similar to discussions made in SecureBoot-related talks.
> Within the Xen architecture, Xen, the control domain and hardware domain share responsibility for running and administering the platform. This makes their kernels privileged as far as Secure Boot is concerned. Why does SecureBoot needs to expand to Dom0 kernel ? If you e.g restrict DMA through IOMMU and restrict some key hypercalls like kexec (among some others), Dom0 shouldn't be able to compromise Xen (in principle); hence can't escape SecureBoot boundaries. SecureBoot doesn't appears to require preventing device access from "unprivileged code" otherwise VFIO wouldn't be allowed under SecureBoot. But such device access still needs to be contained (e.g through IOMMU enforcement), that's something Xen already supports (e.g dom0-iommu=strict / PVH Dom0). In that case, devices are only allowed to access Dom0, but can't access outside of it. From a technical standpoint, PVH Dom0 setups (and also PV Dom0 depending on configuration) acts very similarly to a SecureBoot-able Linux kernel which runs a KVM virtual machine with all host devices passed-through it (using vfio-pci). In that case, such VM doesn't need to be SecureBoot compliant, but it cannot be leveraged to escape SecureBoot. Am I missing any specific detail which could explain the need for SecureBoot in Dom0 kernel ? Teddy -- Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech
