Received: by 10.213.65.68 with SMTP id h4csp63503imn; Tue, 3 Apr 2018 15:35:04 -0700 (PDT) X-Google-Smtp-Source: AIpwx48sfSrWd6iPJy59OBdj+i0ioUgfJq+p0d8lYPHAJghtbNY07Yu4ycdMCBIo5f3SeAQRfk3o X-Received: by 2002:a17:902:51ee:: with SMTP id y101-v6mr16334709plh.359.1522794904450; Tue, 03 Apr 2018 15:35:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522794904; cv=none; d=google.com; s=arc-20160816; b=XMEXJZfw5dtrN4togg1dLD1NqfPTggAYhjyXxC2icp/MVE4HOBJkwuXuhrSlBrlEJI PrKeyhu95Z2wkyjRlmEyue3fSd+U+xcDnEf1v4LAX96ijxXgYhfQOpjkKBy8MY10ZFDi If2Ct+wlN5A338GiGTMqGUurthwD5LucFXegWnfhy+jpKkDQiFamK4Ye+eXiP1tUoHJr QE1FjUM6g5o1hJcCLc00jfwx84TU5r3KziVvFG+2sDfKZxw1bnhofvU0C+w0yWWWWJ2x GcVFKKyR6eAx13hSOrQh3NxoHDgVUAmT/1eUOimR7jIv4wBtLBDLJaqy9DUJUXhURPx3 24rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:from :content-transfer-encoding:content-id:mime-version:subject:cc:to :references:in-reply-to:organization:arc-authentication-results; bh=eqfIa94iKEtuyFFA4mnM5bVBlM6w0Ur9xgPM7yakIT0=; b=TZQr8K/1Hs+WLlmFv3xHEXI2i0eNVMy/7blqo19QCHTb4xmDBRFxHnZOYqM7T1wnEr 9AUCADTEMKlzR8yDnvZE2O0IoWgwDt2YERDK5+FDhX530V2l76OGZkyg9B7xAULzcHDl +y7xsIwFTIg92cgP8N7kP+3KrQgyEE4z43KcV2j2PxRjMfuImiW/FO5oK/4dwGXIKFAy HB6Tjr+H//4WFulz3dLBYhrVbc0ahsI16Czkj+RjFqHsd2N7OJuABmkWp5+0XdfLFVyV EpTUSomKR8WaIKq6HEsMfIg2nqAhZyF3m6M/9NDcTLpzBKkitVE0UhNbghrdsbOVI7Yl O4PA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k2-v6si1601426plt.413.2018.04.03.15.34.38; Tue, 03 Apr 2018 15:35:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756657AbeDCWc4 convert rfc822-to-8bit (ORCPT + 99 others); Tue, 3 Apr 2018 18:32:56 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:43464 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754402AbeDCWcx (ORCPT ); Tue, 3 Apr 2018 18:32:53 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DCC7A4040070; Tue, 3 Apr 2018 22:32:52 +0000 (UTC) Received: from warthog.procyon.org.uk (ovpn-120-158.rdu2.redhat.com [10.10.120.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9A12010B008C; Tue, 3 Apr 2018 22:32:49 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 In-Reply-To: References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> To: Andy Lutomirski Cc: dhowells@redhat.com, Matthew Garrett , Ard Biesheuvel , James Morris , Alan Cox , Linus Torvalds , Greg Kroah-Hartman , Linux Kernel Mailing List , Justin Forbes , linux-man , joeyli , LSM List , Linux API , Kees Cook , linux-efi Subject: Re: [GIT PULL] Kernel lockdown for secure boot MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <8614.1522794399.1@warthog.procyon.org.uk> Content-Transfer-Encoding: 8BIT From: David Howells Date: Tue, 03 Apr 2018 23:32:49 +0100 Message-ID: <9349.1522794769@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Tue, 03 Apr 2018 22:32:53 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Tue, 03 Apr 2018 22:32:53 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'dhowells@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Andy Lutomirski wrote: > > If the user can arbitrarily modify the running kernel image, you cannot > > trust anything. You cannot determine the trustworthiness of something > > because your basis for determining that trust can be compromised. > > I'm having a very, very hard time coming up with a scenario where I > can "trust" something if an attacker can get root but can't modify the > running kernel image but I can't "trust" something if the attacker > can't. Eh? If the attacker can't what? Did you mean to put "can" at the end of that rather than "can't"? I don't see why the kernel-level trust would be compromised if an attacker can't get root and can't modify the running kernel image. Here's a simple scenario: You boot your machine. You have module verification keys in your kernel. You have /dev/mem available for root to read/write. A program running as root can modify the keys in your kernel or just disable the checking code entirely. It can now insmod any module it likes. You may as well not bother with signed modules. In fact, it can modify the running kernel image in any way it likes, without even having to load modules. There's no point bothering with UID/GID checking either. > > Stopping the kernel from being arbitrarily read stops any encryption keys it > > may be using from being retrieved. > > If I build a server that runs Panera Bread 2.0's website, and the > attacker exploits my machine to steal tens of millions of customer > records by getting the machine to talk to some database server using > keys that are securely stored in the kernel keyring, ... I was thinking more in terms of preventing access to the encrypted data on your own disk. The key for that could be unlocked using a TPM, but the session key then has to be retained in RAM for performance reasons unless you can transfer the session key to, say, your SATA controller without it going through the CPU. However, if /dev/mem can be read, any root process can extract the session key for your disk. But, as you suggest, they could also protect secrets used in communications. However, the communications themselves have to be exposed to userspace for userspace to be able to use them. That is unavoidable. The kernel keyring, for example, tries to restrict who can even see a key, much less use it as much as possible - but ptrace() exists... You are no less vulnerable if the key is held in a userspace process; then the attacker can get the key and the data. If the kernel is locked down, the aim is to try and make sure that keys stashed in the kernel cannot be read, though they have to be able to be used, or there's no point to them. David