Received: by 10.213.65.68 with SMTP id h4csp104381imn; Tue, 3 Apr 2018 16:30:33 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+LX8hIJE6pJNOrz76RM4nOs+GwCVolliEczYcE1oMw23yraVTcQXvMBqws+sRec5iMofjr X-Received: by 10.99.96.130 with SMTP id u124mr10541921pgb.252.1522798233712; Tue, 03 Apr 2018 16:30:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522798233; cv=none; d=google.com; s=arc-20160816; b=bAxSXb6mYpYnysifeAjGPy6qmE5PpMsGsN0YPnfzfwXq//iSX7cdg+j+uzpVUiIGew 23DrTKpEbRpJY+qDL6uKVmVwc9AUF/+wiXOpMSdTPV825+Wnza1+3dbKUqZLOHeNao8V WdK765gwgx2zk0WYrTpw7qBNQr9eAzPQcalA4empfM5T1cUod6elZEYi6bZMqCbh+1AY TLXx6cr4rlQNN9T3RvQ/T9pySwpXV8vY4YxPQWzdOV81VF21Y5RrhX95wN1UIJ0QjT8y +zXkBTfsb7eQPj/UHxSafDJjrv+6OfU80oDDlsEZ+ZM6PQFF2gKPwT85E0TqU4AaeF57 LfZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=PlqiDuMEb8LbIsc1kprA3VWlwM+KNX7Al8DybvRNNZk=; b=csXdLLBMQtOuSAPKYkarp4mfTCGiHtitihpICtHgIHSK9dafPBbTaU7AX046TjV/i9 3oolyD6uvPNiYePCsqMKlf8phd0vqL3HwhxT4cnbHMaL1uieHGG89kKBE/wZsr10UGfG 5FaW9Xr+lIrC23qUynvLq78u2qGSCbUQKOvxHkv6cVtNVwVV/XloF4AoAweLDEtIjzYe VjoLpQJxDoOOAtytfN/KjZhIfAZMWnx7qwVU12UBZuM2FS3Sps7Hak9rZw5hsK5YlL4v S8rpJoImAmqI2Fd+ECuwp3V64t6tPszvyH19YaCZqnWiTNxdXyWhF/DE0zndYecJVlK1 sVAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=sehAQkM2; dkim=fail header.i=@linux-foundation.org header.s=google header.b=DdWOLeEH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f35-v6si3884120plh.569.2018.04.03.16.30.19; Tue, 03 Apr 2018 16:30:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=sehAQkM2; dkim=fail header.i=@linux-foundation.org header.s=google header.b=DdWOLeEH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755175AbeDCWqP (ORCPT + 99 others); Tue, 3 Apr 2018 18:46:15 -0400 Received: from mail-io0-f196.google.com ([209.85.223.196]:34059 "EHLO mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753584AbeDCWqM (ORCPT ); Tue, 3 Apr 2018 18:46:12 -0400 Received: by mail-io0-f196.google.com with SMTP id d6so21998364iog.1; Tue, 03 Apr 2018 15:46:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=PlqiDuMEb8LbIsc1kprA3VWlwM+KNX7Al8DybvRNNZk=; b=sehAQkM2gEEXpaId/1NzS6WADeXI8B1kjl8CKl/zFBN5+n7YAZbuH4DMv/4UpOHftG ZzKey/KGrfps3EfjHLWlgbtfWJBIIM3OcTHZIv+7tA2Zm68nFjY1sWAcMHgxXKPjQE0r eS46domxSI7LOVhTqbWf1Kro/juL6/bCObNOBDkUzFUdBEZBwoOazFJwy3uPxQJ4W5tk VtYr1wmLxGmVj4gnyoO+Dix+YqUauUYmNrV2WrYyH5PNYxqmsYTtK8roGkcQ12d/l89x HlsECUCcIPBHN8qVEbFhIvp5mQQMuC2qKgDXFgGbRvRPwQQ7+OrAWgt9hhDG5VA/D6vo Y04A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=PlqiDuMEb8LbIsc1kprA3VWlwM+KNX7Al8DybvRNNZk=; b=DdWOLeEH3/N0fv7EsWOF/Z5bVbHHeczTQ+pmaBpgrGVcnOwSxcWNSaeXGlpOKQIlhJ Y2yZBUjHzJKtK3mgvS3OjKU/VmrNnVQdxWBtp3mMLjQbC3tV2US8T+cS0mnVuwWiTz07 rpQPT7RL5bIZaepqyfeVq9CN/2c5+stgsfQcI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=PlqiDuMEb8LbIsc1kprA3VWlwM+KNX7Al8DybvRNNZk=; b=KDL8SUuvW134G2u8FKP8boB6cxvtshPhRHN0CCGCqLL0wdA/FVic34CuwE48EQIqkZ gZnw8RgRjtZIh6I6MB3Tm6FQTrEXxZVTJ/4gDWRPZh+zdNXY5f8zzEFhaDLChti40E1B tW9kl5KqjyrCxNVtQquHr9OZ8jF4yJ9PpKdCHSoK7gThIWwxAV2tTnhxKjWMDz+VVY7c yUwxAhs6nxDl2GEKlsn/M3kfcZ9LJScuOk2xHSNfNSzd6OhAC3ShQCH/DhfE+Hr1iZZl 2ojxzri4PbNFuqGYH0lRotenfLpOnFgOeG0CJM0OW1PIin6J+W0QiC5AwBdnOyPheX/g q7yA== X-Gm-Message-State: ALQs6tDAtJfEF0hkkqNaMhjBDZS7qiQXZAlHabuIR7N3t7seIApLnc5D pO32wiHQeHMMbft3/2ACgNCrUQTV0RYfRscZCmU= X-Received: by 10.107.12.201 with SMTP id 70mr14296707iom.48.1522795571648; Tue, 03 Apr 2018 15:46:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.95.15 with HTTP; Tue, 3 Apr 2018 15:46:11 -0700 (PDT) In-Reply-To: References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk> From: Linus Torvalds Date: Tue, 3 Apr 2018 15:46:11 -0700 X-Google-Sender-Auth: npfKf-c6k8wxTMi3tjgPTALGwM8 Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: Andy Lutomirski Cc: David Howells , Matthew Garrett , Ard Biesheuvel , James Morris , Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , Justin Forbes , linux-man , joeyli , LSM List , Linux API , Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 3, 2018 at 3:39 PM, Andy Lutomirski wrote: > > Sure. I have no problem with having an upstream kernel have a > lockdown feature, although I think that feature should distinguish > between reads and writes. But I don't think the upstream kernel > should apply a patch that ties any of this to Secure Boot without a > genuine technical reason why it makes sense. So this is where I violently agree with Andy. For example, I love signed kernel modules. The fact that I love them has absolutely zero to do with secure boot, though. There is absolutely no linkage between the two issues: I use (self-)signed kernel modules simply because I think it's a good thing in general. The same thing is true of some lockdown patch. Maybe it's a good thing in general. But whether it's a good thing is _entirely_ independent of any secure boot issue. I can see using secure boot without it, but I can very much also see using lockdown without secure boot. The two things are simply entirely orthogonal. They have _zero_ overlap. I'm not seeing why they'd be linked at all in any way. Linus