From: Linus Torvalds
Date: Tue, 3 Apr 2018 14:01:41 -0700
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: Matthew Garrett
Cc: Andrew Lutomirski, David Howells, Ard Biesheuvel, James Morris, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, Linux API, Kees Cook, linux-efi

On Tue, Apr 3, 2018 at 1:54 PM, Matthew Garrett wrote:
>
>> .. maybe you don't *want* secure boot, but it's been pushed in your
>> face by people with an agenda?
>
> Then turn it off, or build a self-signed kernel that doesn't do this?

Umm. So you asked a question, and then when you got an answer you said
"don't do that then".

The fact is, some hardware pushes secure boot pretty hard. That has
*nothing* to do with some "lockdown" mode.

Why do you conflate the two? That was the original question. You
replied with another question. People answered yours.

NOW ANSWER THE ORIGINAL QUESTION, DAMMIT.

Linus