Received: by 10.213.65.68 with SMTP id h4csp3853028imn;
        Tue, 3 Apr 2018 11:47:48 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49UIdPRS12AmYV0wgo5efjdCIVjO/7OSVrsveEZudMrYSMINpUojqo+uMEYrGlBXRtK5xLQ
X-Received: by 10.98.108.69 with SMTP id h66mr11361315pfc.43.1522781268458;
        Tue, 03 Apr 2018 11:47:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522781268; cv=none;
        d=google.com; s=arc-20160816;
        b=e40uLPS2cl3xcu/eds81oGdY51azZyhyJSf5mUCerw1m/cqhRlSuDcje5h1xes6E0i
         Pv3LukAJNshuAMIKRLEbPIVnv7SdO/WfdArUkiUPQepzj7zxnR3DFY3PwylUx0QtjZMe
         kslWqGqkD+aKpJMfAIceu70u0s7obEIejBKSgn6XU2nij9yqKBxV6j/bClqfU9EF4AT6
         dx9tVbzxFR6q3wwtQovuWL7vPS4vvNt9eeFmGKkdStSAvxlUuvFmsVgX9GtFbkhDzWs6
         nQpQPGtFfEBldcfsGxqdVYeTslZ4l9j4FoxZXkMhosxUJG016vWE/BdI1ttbxd9Ljvjj
         i3BA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=9Cn6Jer7OC+rVzFsZZmofxLG+Q1R/9gi8X8JhX7gvw8=;
        b=inZELUocTSdeaBNvwcHtu1pLTmiGF0xqEZLJ4/yEXo8hg6EZQVAQwQCYWJuzGt73mt
         w0P9lmrl+5alMkn8J0VdaTCRKVG4INVFaAmXRO567shzf2VYwhOpDmtAygGtiyB+Euy+
         lrpAj3YDPaqReLwdKfBtgWx+gmIckzWj3ItdPB+iqljg103BLFgsvbXCCm4v/Q1v4le6
         fF7a//dgNu9bzF8exYABjhHU1DfTRb1DJ00HF2HV0aPUDl0iendoNFiEf3Na+UH8mb6n
         HXSdL4lgMIwPK7+WArXQFSaaEiEyR/6crVkVevDXO5k5IqNk+TdishKB2o87rsLTEwUV
         RBmA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=AL5Jx44Q;
       dkim=fail header.i=@chromium.org header.s=google header.b=C+lw1G3b;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 31-v6si1106375plz.467.2018.04.03.11.47.21;
        Tue, 03 Apr 2018 11:47:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=AL5Jx44Q;
       dkim=fail header.i=@chromium.org header.s=google header.b=C+lw1G3b;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753061AbeDCSp5 (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Tue, 3 Apr 2018 14:45:57 -0400
Received: from mail-ua0-f196.google.com ([209.85.217.196]:40003 "EHLO
        mail-ua0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752240AbeDCSpx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 3 Apr 2018 14:45:53 -0400
Received: by mail-ua0-f196.google.com with SMTP id n20so11652692ual.7
        for <linux-kernel@vger.kernel.org>; Tue, 03 Apr 2018 11:45:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=9Cn6Jer7OC+rVzFsZZmofxLG+Q1R/9gi8X8JhX7gvw8=;
        b=AL5Jx44QD8jpdvs7JpIXsI+fRGkJN/MqWLZLWYpyZo5Xh7jDg/t9GdI7c4jjK7+Vmb
         iKrt2ip3J4nhJxcVpvEZvq99i4R6jo4jJpH0+DoSEafYxs8lyOCrZNQQS+PqDrWH1Oj+
         vW6UBF5UFOxiK/ZFIohrPgx/tyHB5KUMujtrqe79CAW62FohTMP0D0WCj9vyHXaJyB0c
         v3ziM0xu7Gj82RPXGCOAVwTw9VHTYJtEg001c9EG9+zGFM4Ew6kcixKbrVAyZb+QbOGB
         bKA2M+nGoWzO8Vy3WuHOUzW0mNA9QetpI4mYblD/gOdkf0gn/h5oYTYMs+xcRc34YxaP
         teAA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=9Cn6Jer7OC+rVzFsZZmofxLG+Q1R/9gi8X8JhX7gvw8=;
        b=C+lw1G3ba+uoNLyHxZU51t96A2K/tHHmvoLWlf+LP55Ph0lfspQ44pL05QqLTLuhN4
         /Xpo37s6hoSAPXsAmS2jyQ75EpbwM596mf8hYiS6d6Plqt0b9dQ5qTdO3LKaK8jWJjdf
         +D+jdsQWbwAXFIzeQt5hp6n9dKKRzYG5zByeI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=9Cn6Jer7OC+rVzFsZZmofxLG+Q1R/9gi8X8JhX7gvw8=;
        b=q72MzOA9TksFsZy5wv4IDkdsL7xRM9pL6eXZ6Cssz0ARmLabffuwS637+VwtrqPMdf
         B1xu14pbg+8+NG1l+4OxWlAcnVP8YJLH8w+utS03PGO4LFPIq8TGx3hyqvaUOwNx7QDs
         MjMAgaHbrnYbeUAcKN+6E7BE1qZYzE4oSUC93nq42XKzuCl+jTvbYWW3OHrR//KMKlek
         JTB6CiiWgx6Y3LEhlc5bg/r7y7rwMv2SKe3bd/LZfYJI1Cxnb+bB1P5Xv1WfpimUv2va
         HRXKMRbjsd6tlwI0MKbRX2uujuK4i8V5QSOp20xo2St4qPeRgYIs7BAa9E859OFg8s3b
         Of2A==
X-Gm-Message-State: ALQs6tA+S0OS/HkCIIfNjx55RVb7RWcFFz3riO78sMpIVhFst0hofWPF
        dapOwoSRPAETiv3yDwnhVRT2q2DqRNZKQyMvApq0bQ==
X-Received: by 10.176.14.3 with SMTP id g3mr8872555uak.83.1522781152789; Tue,
 03 Apr 2018 11:45:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.31.164.81 with HTTP; Tue, 3 Apr 2018 11:45:52 -0700 (PDT)
In-Reply-To: <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com>
References: <4136.1522452584@warthog.procyon.org.uk> <alpine.LRH.2.21.1803311145180.7769@namei.org>
 <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk>
 <CALCETrUFOdrH5ShCCd8yguGjC2NtG8fJY7AW26HH467-02UVGA@mail.gmail.com>
 <CACdnJut31+ZtiR40nkOjm89cfUxS0EM=w-oG69PtWHbXYJQxPg@mail.gmail.com> <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Tue, 3 Apr 2018 11:45:52 -0700
X-Google-Sender-Auth: pCtDw8qg0NwarfTB0tt-flg_G94
Message-ID: <CAGXu5j+CyVXEvsMarJjBwaNh7poVZtmit5PGmQM9rKKqZPqVXg@mail.gmail.com>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To:     Andy Lutomirski <luto@kernel.org>
Cc:     Matthew Garrett <mjg59@google.com>,
        David Howells <dhowells@redhat.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        James Morris <jmorris@namei.org>,
        Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Justin Forbes <jforbes@redhat.com>,
        linux-man <linux-man@vger.kernel.org>, joeyli <jlee@suse.com>,
        LSM List <linux-security-module@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>,
        linux-efi <linux-efi@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 3, 2018 at 9:45 AM, Andy Lutomirski <luto@kernel.org> wrote:
> On Tue, Apr 3, 2018 at 9:29 AM, Matthew Garrett <mjg59@google.com> wrote:
>> On Tue, Apr 3, 2018 at 8:11 AM Andy Lutomirski <luto@kernel.org> wrote:
>>> Can you explain that much more clearly?  I'm asking why booting via
>>> UEFI Secure Boot should enable lockdown, and I don't see what this has
>>> to do with kexec.  And "someone blacklist[ing] your key in the
>>> bootloader" sounds like a political issue, not a technical issue.
>>
>> A kernel that allows users arbitrary access to ring 0 is just an
>> overfeatured bootloader. Why would you want secure boot in that case?
>
> To get a chain of trust.  I can provision a system with some public
> keys, stored in UEFI authenticated variables, such that the system
> will only boot a signed image.  That signed image, can, in turn, load
> a signed (or hashed or otherwise verfified) kernel and a verified
> initramfs.  The initramfs can run a full system from a verified (using
> dm-verity or similar) filesystem, for example.  Now it's very hard to
> persistently attack this system.  Chromium OS does something very much
> like this, except that it doesn't use UEFI as far as I know.  So does
> iOS, and so do some Android versions.

Correct, Chrome OS does not use UEFI, and we still want this patch
series, as it plugs all the known "intentional" escalation paths from
uid-0 to ring-0. Happily, that means all the politics around the UEFI
and Secure Boot case can be ignored, because those issues are specific
to Secure Boot, not the lockdown series. (They are _related_, sure,
but lockdown isn't only about Secure Boot -- it's just that SB is one
of the widely deployed implementations of this kind of
trust-chain-booting-thing. Chrome OS and Android's Verified Boot do
similar things and have the same expectations about the uid-0/ring-0
separation.)

The goal for that bright line on Chrome OS and Android is to stop
attack persistence. We want to know that a reboot onto a new kernel
and OS image will actually result in getting the desired system state,
and that any attack on persistent system data (even for things running
with full root privileges) can't result in using kernel interfaces to
gain kernel control. This isn't expected to be _perfect_, since
nothing is. But it creates a place to work from. The idea that uid-0
is NOT ring-0 is still relatively new, so the existing designs in the
kernel aren't well suited to building that distinction. I view this
series as a solid first step to getting there, though.

-Kees

-- 
Kees Cook
Pixel Security