From: Andy Lutomirski
Date: Tue, 3 Apr 2018 09:45:41 -0700
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: Matthew Garrett
Cc: Andrew Lutomirski, David Howells, Ard Biesheuvel, James Morris, Alan Cox, Linus Torvalds, Greg Kroah-Hartman, Linux Kernel Mailing List, Justin Forbes, linux-man, joeyli, LSM List, Linux API, Kees Cook, linux-efi
References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 3, 2018 at 9:29 AM, Matthew Garrett wrote:
> On Tue, Apr 3, 2018 at 8:11 AM Andy Lutomirski wrote:
>> Can you explain that much more clearly? I'm asking why booting via
>> UEFI Secure Boot should enable lockdown, and I don't see what this has
>> to do with kexec. And "someone blacklist[ing] your key in the
>> bootloader" sounds like a political issue, not a technical issue.
>
> A kernel that allows users arbitrary access to ring 0 is just an
> overfeatured bootloader. Why would you want secure boot in that case?

To get a chain of trust. I can provision a system with some public keys, stored in UEFI authenticated variables, such that the system will only boot a signed image. That signed image can, in turn, load a signed (or hashed or otherwise verified) kernel and a verified initramfs. The initramfs can run a full system from a verified (using dm-verity or similar) filesystem, for example. Now it's very hard to persistently attack this system.

Chromium OS does something very much like this, except that it doesn't use UEFI as far as I know. So does iOS, and so do some Android versions.

None of this requires lockdown, or even a separation between usermode and kernelmode, to work correctly. One could even do this on an MMU-less system if one really cared to. More usefully, someone probably has done this using a unikernel.
If I had to guess at a motivation that makes this patchset work, it would be that there is an uneasy truce between Microsoft and the various vendors of signed Linux bootloaders. That truce could conceivably require that the signed bootloaders not knowingly ship a system that allows a non-physically-present user to chainload Windows. If so, the patchset should say that loud and clear in its description and the parts that block bpf should go away.
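Added example, not part of the thread and not code from any project named in it: a Python model of the chain of trust the message describes, from a digest pinned in the UEFI db, through a bootloader that pins the kernel and initramfs digests, to a dm-verity style hash tree whose root hash rides inside the verified initramfs. It pins hashes rather than certificates so it runs on the standard library alone (the UEFI db can hold raw image hashes as well as X.509 certificates, though production chains normally pin certificates and check signatures). The binary hash tree, the 4 KiB block size and every image byte are constructed for the example; the real dm-verity on-disk format packs many digests into each hash block, and the helper names are this example's own.

```python
import hashlib

BLOCK = 4096  # data block size; dm-verity also defaults to 4 KiB


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_blocks(image: bytes):
    """Zero-pad the image to whole blocks and return the list of blocks."""
    padded = image + b"\0" * (-len(image) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


def build_verity(image: bytes, salt: bytes):
    """Hash tree over the data blocks, salt prepended as in dm-verity format 1.
    Model assumption: a binary tree (the real format packs many digests per
    hash block). Returns (root, levels); levels[0] holds the leaf digests.
    The tree lives on untrusted storage; only the root is trusted."""
    levels = [[h(salt + b) for b in split_blocks(image)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])  # give the odd node a sibling (mutates the stored level)
        levels.append([h(salt + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels[-1][0], levels


def verity_proof(levels, idx: int):
    """Sibling digests from leaf idx up to the root, tagged 'sibling is on the left'."""
    path = []
    for level in levels[:-1]:
        sib = idx ^ 1
        path.append((level[sib], sib < idx))
        idx //= 2
    return path


def verify_block(block: bytes, idx: int, path, root: bytes, salt: bytes) -> bool:
    """Per-read check as dm-verity does it: rehash, fold the path up, compare to root."""
    node = h(salt + block)
    for sib, sib_is_left in path:
        node = h(salt + sib + node) if sib_is_left else h(salt + node + sib)
    return node == root


def make_bootloader(code: bytes, kernel: bytes, initramfs: bytes) -> bytes:
    """Accepted digests are embedded in the image, so the firmware's check pins them too."""
    return code + h(kernel) + h(initramfs)


def make_initramfs(code: bytes, verity_root: bytes) -> bytes:
    """The verity root hash travels inside the verified initramfs (often on the cmdline)."""
    return code + verity_root


def boot_chain(uefi_db, bootloader, kernel, initramfs, rootfs, tree, salt):
    """Each stage holds the only trust anchor for the next and refuses to hand
    over control on mismatch. Returns (booted, log)."""
    log = []
    # Stage 0: firmware consults db (an authenticated variable). Real db
    # entries may be X.509 certificates or raw image hashes; this uses hashes.
    if h(bootloader) not in uefi_db:
        return False, log + ["firmware: bootloader not in db"]
    log.append("firmware: bootloader ok")
    # Stage 1: bootloader checks kernel and initramfs against embedded digests.
    want_kernel, want_initramfs = bootloader[-64:-32], bootloader[-32:]
    if h(kernel) != want_kernel:
        return False, log + ["bootloader: kernel digest mismatch"]
    if h(initramfs) != want_initramfs:
        return False, log + ["bootloader: initramfs digest mismatch"]
    log.append("bootloader: kernel and initramfs ok")
    # Stage 2: kernel mounts rootfs through dm-verity with the root hash from the
    # verified initramfs. Real dm-verity checks lazily per read; the model reads all.
    root = initramfs[-32:]
    for i, blk in enumerate(split_blocks(rootfs)):
        if not verify_block(blk, i, verity_proof(tree, i), root, salt):
            return False, log + [f"dm-verity: block {i} failed verification"]
    log.append("dm-verity: rootfs ok")
    return True, log


def demo():
    """Constructed images (not real ones): a good boot plus three tampering
    attempts. Returns {scenario: (booted, last log line)}."""
    salt = b"\x11" * 32
    rootfs = b"".join(bytes([i]) * BLOCK for i in range(5))  # five blocks, odd on purpose
    root, tree = build_verity(rootfs, salt)
    kernel = b"vmlinuz-constructed"
    initramfs = make_initramfs(b"initramfs-constructed", root)
    bootloader = make_bootloader(b"shim+grub-constructed", kernel, initramfs)
    db = {h(bootloader)}  # provisioned into the UEFI db when the machine is set up
    out = {"good": boot_chain(db, bootloader, kernel, initramfs, rootfs, tree, salt)}
    bad_fs = bytearray(rootfs)
    bad_fs[3 * BLOCK + 7] ^= 1  # offline disk edit in block 3; the stored tree is untouched
    out["rootfs_tamper"] = boot_chain(db, bootloader, kernel, initramfs, bytes(bad_fs), tree, salt)
    out["kernel_swap"] = boot_chain(db, bootloader, b"evil-kernel", initramfs, rootfs, tree, salt)
    evil_bl = make_bootloader(b"evil-shim", b"evil-kernel", initramfs)  # accepts the evil kernel
    out["bootloader_swap"] = boot_chain(db, evil_bl, b"evil-kernel", initramfs, rootfs, tree, salt)
    return {k: (ok, log[-1]) for k, (ok, log) in out.items()}
```

In this model the only trusted input is the db entry; every later anchor is covered by the stage before it, which is why swapping the bootloader for one that accepts a different kernel fails at the firmware rather than later. The per-block proof is the part that distinguishes dm-verity from hashing the whole image: a single flipped byte is caught at the block that contains it, with the unmodified hash tree still in place, and nothing in the check depends on a user/kernel boundary.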