-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Wed, Jun 08, 2022 at 02:22:12AM -0700, Michał Żygowski wrote:
> Hi Demi,
>
> Thank you so much for these requirements. It contains many insights into
> how software/firmware can do better. Still, I have some questions and
> doubts I wish you could clarify:
>
> Ad. 1. I find multiple occurrences of the oxymoron "persistent mutable
> state" in the 1st point and e.g. 7th. Could you please explain what state
> might be mutable and yet persistent? These terms look contradictory to me.
“Persistent mutable state” means state that is mutable by the host and
which persists across reboots. This is a problem for PCI pass-through,
as it allows the VM controlling the passed-through device to tamper with
the device, in a way that will not be fixed by rebooting the system.
> Ad. 2. D3cold basically means the device has to go to D3hot plus all power
> cut off from the device. While modern laptops typically support that with
> modern standby (S0 idle) RTD3, bouncing through D3cold requires a
> compatible mainboard design. Looking from the workstation's perspective it
> would not be possible (unless one would do ACPI G3 cycle on each system
> startup). Please correct me if I'm wrong.
I am not at all familiar with these power management details. Is there
some reason an ACPI G3 cycle would be bad?
> Ad. 5. Some desktop Intel CPUs are GFX-less, which implies the usage of an
> external GPU card. Would EFI OptionROM be allowed to run on display devices
> in such case? Otherwise one may end up without the display working in the
> firmware thus relying on booting in blind.
If there is a non-spoofable way to distinguish the GPU card, and if the
GPU card option ROM is not mutable, this would be okay. This could be
ensured by e.g. having the hypervisor intercept and reject writes to it,
together with ensuring that there are no other ways to write to it via
the GPU. Another approach would be to require that the option ROM is
digitally signed by the firmware vendor. Obviously, Thunderbolt device
option ROMs must never be run, as removable devices must be considered
untrusted.
> Ad. 7. See Ad. 5. regarding Option ROMs. There is a way to go: extract the
> EFI OptionROM, put it into the firmware image, and disable OptionROMs
> entirely. However, it would require a custom firmware build for each
> hardware setup/graphics card. Almost nobody would do it given that most
> people do not have control over their firmware source code.
What about something like LinuxBoot? Have the firmware load a basic
Linux system, and have that kexec. This avoids the need for working
graphics in the firmware, since the Linux kernel has its own drivers.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKghj0ACgkQsoi1X/+c
IsE7Cg//VNwzsnFtVFZHDT4h2CnZ3uLHMqHqF0LWmFcQ77ofdcNwqMKpArICKC6B
dI0C1+C6+jscJK5NQOp50ge9eCeZA1nVIfYSOkn+7RQ3KoXqHeeeOT7LlmEbfEI5
+pamNZ35SGu153Fw8OQsTH1J3nP5QC/e0vCTVbG1A8qy7+KhXL4G/OBFybgMlpCU
PUSAImv7Y9uQhlqPg6Ll8okJR3ISjy7i2kPBjdC9AuQ7KgBrQkjU+OVCR75Rh87G
0HWF5/ns7ymmfhHEhFxHxvmhAMm89aRu4nRxYgnkoTRvTOsQrBorzk982m6iieou
ga23xMxRZLDpke+z4KK+tuS8SqpHnYbAW/l+jkgkCT8Gts5+YWyzKP9evCuTQtTT
eDf0cYSqRLl4RAoJYBKyrD2E7W8Cy54uUJ7O8Wy5CcwAqwcV4fD2AN8AAI+ah1HT
S/fD6hhQNGs4qdYE8uatLws0E9dwffxwQp7cFI17LfuQajw8YEs3cnOjgWIKs405
stTmNFNKGAWL84aC7bycxcyD/tz3Y6jbLWLBEgW4KhDBd5k3hpb8sbrIJS/xHaQt
t6HrN2N/d4hOdLYHTf7IoOEp17dvjONNZIIicHaWnEmNY2GzJ+2pMxk67z5Lp0fG
ST4UCOopPq+7VV8m7rzNHVPqTQTEBxh2YyNp42o1arIfiZGvldI=
=aDsF
-----END PGP SIGNATURE-----