Received: by 10.213.65.68 with SMTP id h4csp105140imn; Tue, 3 Apr 2018 16:31:29 -0700 (PDT) X-Google-Smtp-Source: AIpwx49jHrubNKtTYRmQmeZd2pn9BfzV1wNAFW2AoKs8A61J3I7To9CjCXXU0TYqwFDhfi9pZYUS X-Received: by 10.167.130.2 with SMTP id k2mr8096061pfi.14.1522798289276; Tue, 03 Apr 2018 16:31:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522798289; cv=none; d=google.com; s=arc-20160816; b=jHJdpn2Fi1NM35zNf6bE7Uv/D/GUqTHq7Vl/DeKzqpOQp0e2ZFjALw85AErBktW+EI cslFYS7PRN/i9ij80+Cjg6Ia5nk01YI3ufw9AdL9Y8QBU3nrR3JXFcOmOhX3jSG4Oby3 PSSe/r5IUWtztRrNycRBSr464HvXn57bMtSrxEcLqXBi7Yh3NM3tMeqGsByeUcBxtknc OmXUjTH32qXvWgVikkW3vJyq/SDg+s2npFqlEjlTqFY/7aaKtHdC4mW3cg3rReey6jN1 GQgmRj0cUgw86ljYFMfjcGA26+KNwRBmcpGMf55XsEiEO3FGVICt+5IkNI4rH5iCSvwp Pq4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=bP/62SQH6xVDjORC7WhS4c8wA/qDKR/brG3N4XbN88c=; b=gOjBaMVGUGKwVEyERIcmZAhKWgJuR4GueIIm4H8g0HGMaMCKPqHka2sR4zkh/pCY92 bOeGWLOs2aSSvOqu5EVkdnXsosgaw03W3paCtIyWgRNb1Dfk4cOTXbv+/qrSwUtUH+at JLDiQHTwFy0Bgdo7f70njT0JPI5wy7pBlGCKByNwQOX51NtvREDEtTz+QJFxZiPCoIFl DjzTeL58fUtQgDWmOQrxeWMXbnzIXJOGxp8ppa52SN5NaqurS0GiTM79IBdDKckmmf4n o8fztsAweTzp0FKDMuzmvyDvwlHiFwtZ954llINauzWlE4TRNb5bUTzbroYst2A9exBH gfeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=JgFkCf+m; dkim=fail header.i=@linux-foundation.org header.s=google header.b=VE0MgpWD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r11-v6si1711994pls.579.2018.04.03.16.31.15; Tue, 03 Apr 2018 16:31:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=JgFkCf+m; dkim=fail header.i=@linux-foundation.org header.s=google header.b=VE0MgpWD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755481AbeDCX1d (ORCPT + 99 others); Tue, 3 Apr 2018 19:27:33 -0400 Received: from mail-it0-f66.google.com ([209.85.214.66]:36106 "EHLO mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754164AbeDCX13 (ORCPT ); Tue, 3 Apr 2018 19:27:29 -0400 Received: by mail-it0-f66.google.com with SMTP id 15-v6so14840843itl.1; Tue, 03 Apr 2018 16:27:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=bP/62SQH6xVDjORC7WhS4c8wA/qDKR/brG3N4XbN88c=; b=JgFkCf+myf7nsPDJX0riJOARngEiuQJwB7JBqQQ3zGryi0twUgXGpHxbtkjFUqWQey Gj+sasFji81L9VssfIcHZhsYPtMa3JS0GWnZ97mb9tk4UXGQ9yGxz3h89QfjXRlFPa7e 0ti3M/0B/5Wd98KfJenx4Tp70T5Huxegc3gIHjQhOVt0VgdI2DsmZBhUepdgzyt+MR1j XvrVQzx0a5zdWw5eJE4RgO6sPs/W0BJDRVmDZeONzIjZlhCf/KmslHU+fFZncmKy3/D1 WAOaNS0NNF5ByyCdZxOa2JmMHvJIzAJD6SZBeVFzmICwUqAPgRwgTh167WwgbwMoRqWb Rq7w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=bP/62SQH6xVDjORC7WhS4c8wA/qDKR/brG3N4XbN88c=; b=VE0MgpWD2JYA1Qi2VVpVCdsoABwr1sOdDQeU72yPxjTbVmJO3dR1hjSPCcmcoOgiEn +eBc5lxkEnpoqblnhEuuW3uh+fAAh9zlVYvs7U5Twkq5SlWP4Uy6o2GkX6uVTp0ptC3c Ozw73SOPZzEdrOKJQXW2gnGicl6RYg0UXVrgk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=bP/62SQH6xVDjORC7WhS4c8wA/qDKR/brG3N4XbN88c=; b=UtiR6qP7KbwSKCN0YyU5Aw+zubthJfyZCwReAugF0AXj+t2MX3IfoxWmmtVmn5rqPI fqHfHy2NKn1pyHgwbPtFJeKB2UR23WiNFpoTlShgtFrFNKDhE50O1lxF8+Hx2cpmIez9 Pt6LSQbMHs8VXrZbbtZ9+6K4FU8o0EUkxiC+0lElgz18txFSD7Fmdz7PXIqe1fdAWw9p SY74UiDSv2494Zuh41avL+JPb5pWUDVRepT6E3jBDHM+v2epdJc2CSyEVameknAPROr7 kdeysdBcq3+839KKEr5felDqcVVc0yEJR1vpPhBLMloHSLMIvN0aLfQNZA6FMhC/1Pks oPTg== X-Gm-Message-State: ALQs6tCxHzZ2WD+CCRKHSOKB7YC10Y1Yx4nws+OIsTi61I4+GZBu/0K1 ZiPR6ZBqCaz+8xMUxFq99Z2FB/XsCoWCvbgzX/g= X-Received: by 2002:a24:5852:: with SMTP id f79-v6mr7333429itb.108.1522798048887; Tue, 03 Apr 2018 16:27:28 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.95.15 with HTTP; Tue, 3 Apr 2018 16:27:28 -0700 (PDT) In-Reply-To: <10232.1522797179@warthog.procyon.org.uk> References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk> <10232.1522797179@warthog.procyon.org.uk> From: Linus Torvalds Date: Tue, 3 Apr 2018 16:27:28 -0700 X-Google-Sender-Auth: 0bhHB1E77AOJB1NVuqIlkK30iso Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: David Howells Cc: Andy Lutomirski , Matthew Garrett , Ard Biesheuvel , James Morris , Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , Justin Forbes , linux-man , joeyli , LSM List , Linux API , Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 3, 2018 at 4:12 PM, David Howells wrote: > > What use is secure boot if processes run as root can subvert your kernel? Stop this idiocy. The above has now been answered multiple times, several different ways. The "point" of secure boot may be that you had no choice, or there was no point at all, it just came that way. Or the "point" of secure boot may be that you don't trust anybody else than yourself, but once you've booted you do trust what you booted. But the *real* point is that this has nothing what-so-ever to do with secure boot. You may want (or not want) lockdown independently of it. Don't tie magic boot issues with kernel runtime behavior. Linus