Date: Tue, 3 Apr 2018 22:21:02 +0100
From: Al Viro
To: Matthew Garrett
Cc: Linus Torvalds, luto@kernel.org, David Howells, Ard Biesheuvel, jmorris@namei.org, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, linux-api@vger.kernel.org, Kees Cook, linux-efi
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
Message-ID: <20180403212102.GL30522@ZenIV.linux.org.uk>
References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk>
In-Reply-To:
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 03, 2018 at 09:08:54PM +0000, Matthew Garrett wrote:
> > The fact is, some hardware pushes secure boot pretty hard. That has
> > *nothing* to do with some "lockdown" mode.
>
> Secure Boot ensures that the firmware will only load signed bootloaders. If
> a signed bootloader loads a kernel that's effectively an unsigned
> bootloader, there's no point in using Secure Boot - you should just turn it
> off instead, because it's not giving you any meaningful security. Andy's
> example gives a scenario where by constraining your *userland* sufficiently
> you can get close to having the same guarantees, but that involves you
> having a read-only filesystem and takes you even further away from having a
> general purpose computer.
>
> If you don't want Secure Boot, turn it off. If you want Secure Boot, use a
> kernel that behaves in a way that actually increases your security.

That assumes you *can* turn that shit off. On the hardware where the
manufacturer has installed firmware that doesn't allow that, SB is a
misfeature that has to be worked around. Making that harder might improve
the value of SB to said manufacturers, but what's the benefit for everybody
else?