Received: by 10.213.65.68 with SMTP id h4csp113541imn; Tue, 3 Apr 2018 16:44:28 -0700 (PDT) X-Google-Smtp-Source: AIpwx49dp2scHCLE/HL9yPT397egHXKoI09ShVgSvOumrbuUqq3xS6kQUXvgRT0B1p1PaJ83kokr X-Received: by 10.98.214.218 with SMTP id a87mr12161305pfl.124.1522799068723; Tue, 03 Apr 2018 16:44:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522799068; cv=none; d=google.com; s=arc-20160816; b=N7CLOIwTjapFwmgCjGSlGOksv44mryDhAdyZDOYyO5SIBgmzB7W3lNAF+rVuJ/IaaU yDhCHfZikMmI2oHj8IvkIOpR+QOxRNh/Kx0UFTWHlbu9KolSlVl0/K2H4VlwtKg3pHVO BPqa7FfM2XiJ61JgnTMbhfypjRoy6OMbLaDt1J75VucDHbvjZqT1HPV99crih8P3kCmE jBMA+49BaH4oU22nieydisRHWoozlPtT6sLOuMnjaz31ugtHglcWomE2gegmL7y7HIKO 3hmCbz/T2A+9YLK/DrcCNAEDY6Cqz/fuobCcQyPO8+fyGBJ3zDaSzpprEpsMnbidWsoN wrtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dmarc-filter :arc-authentication-results; bh=+TJRp86uzh0R9isJ8jHCDZJOYUlK9KR1zkWJhx+CJHw=; b=GpC17lO6Q7PIeNr9gYPGdsVjli3mVrOUwJlPwl6s5Y1haydnIubSFILMBR2vcr8iM/ 1eIzWBSg/M+vUW4PyzYlew2E8tbnleA6xeS63+V83jAVQQ7jZkzgMH9GK8mRtsQez52v BLXEBdQ1fb+9rPAsQjMIjw1RA4WHTwA1mPZZ2436rHZgzd7e9g9x1kKvxG9Od3UjzYze nam5ZnOLQP0oyj6Iq9Ov7LT4KTyZak5S1Ez/nvlHFgx60HnQpZO308sT4kKYnA05yV6S u1Xnalpa/ddW6q6NoP6NwREvH6BVLlaHdTaOdk2u4b8JQ39mRVCs3ps/NVFUaZIszm6M d7uw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v6si2691219pgc.526.2018.04.03.16.44.14; Tue, 03 Apr 2018 16:44:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753999AbeDCXnL (ORCPT + 99 others); Tue, 3 Apr 2018 19:43:11 -0400 Received: from mail.kernel.org ([198.145.29.99]:55102 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753658AbeDCXnI (ORCPT ); Tue, 3 Apr 2018 19:43:08 -0400 Received: from mail-io0-f174.google.com (mail-io0-f174.google.com [209.85.223.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id CB5FA21836 for ; Tue, 3 Apr 2018 23:43:07 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CB5FA21836 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org Received: by mail-io0-f174.google.com with SMTP id o4so24103304iod.3 for ; Tue, 03 Apr 2018 16:43:07 -0700 (PDT) X-Gm-Message-State: ALQs6tA3q0BjEfBxRWjxTji7hVesULCACfGLXy/Wl23AZCLFFEzv3wqE I2CCRf1io2RPflvunYXduHJr2GPFKF4HLEzENVoqoQ== X-Received: by 10.107.138.88 with SMTP id m85mr14150703iod.150.1522798987141; Tue, 03 Apr 2018 16:43:07 -0700 (PDT) MIME-Version: 1.0 Received: by 10.2.137.70 with HTTP; Tue, 3 Apr 2018 16:42:46 -0700 (PDT) In-Reply-To: <10232.1522797179@warthog.procyon.org.uk> References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk> <10232.1522797179@warthog.procyon.org.uk> From: Andy Lutomirski Date: Tue, 3 Apr 2018 16:42:46 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: David Howells Cc: Andy Lutomirski , Matthew Garrett , Ard Biesheuvel , James Morris , Alan Cox , Linus Torvalds , Greg Kroah-Hartman , Linux Kernel Mailing List , Justin Forbes , linux-man , joeyli , LSM List , Linux API , Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 3, 2018 at 4:12 PM, David Howells wrote: > Andy Lutomirski wrote: > >> I'm having a very, very hard time coming up with a scenario where I >> can "trust" something if an attacker can get root but can't modify the >> running kernel image but I can't "trust" something if the attacker >> can [modify the running kernel image]. > > (I think the above is what you meant) > > Let's go at this a different way. How do you decide you can trust something > in this context? You compare it to something. Signing it, keeping a hash > whitelist, IMA - these are all ways of comparing something. Do you agree with > that? I trust or distrust a system as a whole. I don't make that decision by comparing it to anything. I make it by evaluating how the system works and deciding whether it's trustworthy. > > What use is secure boot if processes run as root can subvert your kernel? > Secure boot serves several purposes: 1. Anti-competitive purposes. It's intentionally difficult to run non-Windows OSes on Windows ARM machines, for example. 2. Allowing me to use a stock UEFI machine to have a verified boot chain. The latter has nothing whatsoever to do with CPL0. The former, however, does. If I could easily write some Windows program to run CPL0 code, then I could chainload Linux using the Windows image, and I've subverted the purpose. Cynical? Yes. >> > There's no point bothering with UID/GID checking either. >> >> Give me a break. There's a *huge* difference between a system where >> only root can load unsigned modules and a system where anyone can load >> unsigned modules. > > I don't think we've ever advocated letting just anyone load a module. > > But my point is that if you can modify the running kernel, you can nullify all > security checks, including UID/GID checks. > >> > However, if /dev/mem can be read, any root process can extract the session >> > key for your disk. >> >> Any root process can read /dev/mapper/plaintext_disk, lockdown or otherwise. > > True - for now - and they can also access the mounted filesystem. But if they > get their hands on your powered-off computer, no, they can't. This is, IMO, a silly argument. You're saying that some bad guy has managed to run code as root on my laptop. Then, next week, the bad guy steals my laptop while it's powered off, and Lockdown is supposed to protect me against that bad guy. If this happens, I've already lost completely, lockdown or no.