Received: by 10.213.65.68 with SMTP id h4csp129937imn; Tue, 3 Apr 2018 17:07:32 -0700 (PDT) X-Google-Smtp-Source: AIpwx49JPIzWASRmRHJVXJoMSI416160OxvegOzJh52GrWXSbvVlyrBYJoIk0PNVuBqdF2w6CyGq X-Received: by 10.99.111.139 with SMTP id k133mr10714290pgc.236.1522800452853; Tue, 03 Apr 2018 17:07:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522800452; cv=none; d=google.com; s=arc-20160816; b=EvzAAhBhwPHVf57kGOE6axZ9DK7hVZsoNMyAcXAV3urqWHGOki/V3K5A7D6SRPcuIh RB+LMwJwKoEBpzWN52ifGLDj24HS3Z9+9uKq38rFBHz+FpLk1rHdLLDWFMQqE+qBeRCy CG4ESCUYmxjVM9z9D2zDW0LN74/Po+kqvU7509ADeR1nnbhpTXyBtclZbBj6YZDSJVBT 6/RhJG95zJwnU7yNmypiyJ5Z5zT5diP3q2l4S/wh93WtA8zBEooUwxTh/0b/nm5uyXha FzxOva602vyp3NmZGlIJarPuuB8/UhJr5rB3PdbTv3Xm6vNMrqTNSl3yCt82U1Tl27cI JMfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=t+Sb7v7qq13jAhAkmxa05Al+TNTUliiUYVXAHQLZT8I=; b=A4unsxTtJm8WdLMywteqSXr7VaZZySsk3GhqY23j7EnUERq1ZaOZHMh/cEWQzN8i4B zhDCdzVVhL+xkdZM/PgPPbL0oGrUvUhu6qorTcy+37MLPpx7klBSOh4hdAqMpUMa40fq Pl+zPiljq71YmFQnWjJaefBkw1M4U129HDPtKgvWfm6pFJ2GBtdNtLkD9fIG9t/P569+ QvCwp/RWDYU7MErRyx4B32HjAQXJ9bXG70RJlvmMVR6SPwVcLldluAwg7mFV3AnOm+BZ 58WzibIaeafdTwxoan1DzekvkYTylbiNhRZJnHbL7vlg3hQZkGUZtt7W13ZDTGAzGCXd cRDA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jMZH7MhH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s15-v6si1909195plj.701.2018.04.03.17.07.19; Tue, 03 Apr 2018 17:07:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jMZH7MhH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756034AbeDDAFF (ORCPT + 99 others); Tue, 3 Apr 2018 20:05:05 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:39695 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755942AbeDDAFC (ORCPT ); Tue, 3 Apr 2018 20:05:02 -0400 Received: by mail-it0-f67.google.com with SMTP id e98-v6so25128682itd.4 for ; Tue, 03 Apr 2018 17:05:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=t+Sb7v7qq13jAhAkmxa05Al+TNTUliiUYVXAHQLZT8I=; b=jMZH7MhH2X9/nl9jWbtpteNP7gqlk04Qdg96cvGVo+U/2YNmHeTnSAGSB325JyFWc3 1gz2Vz9VQuWp3G63gVBh925qGjaQVyf6+WbLPLtevEb77cxqSEDL6oiaMYf2xikuhSGx 0BmrZj24CU0uJUXUOpvb1cbthHW+wdcFxJQV8VIYq7qU1kLRrNY7RKBYf4/83wAM7QJJ 8WnampK6J8OMDbhaDiyrXn4yqT6HPdPetKG+tvZgHYnqGBJBlhWLxO3ve6hZiWDfTXWI NTgN7EkdO6cBe8yWpZu/qpQjhRlNA7qvhi0QOnyVNTe/rm3vCDaEuQdOdHq8VsYajF5m eD5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=t+Sb7v7qq13jAhAkmxa05Al+TNTUliiUYVXAHQLZT8I=; b=AmQFJMMioasBpfkIaocyGcMGrkKOnzSvceP02w2X1XPwugiRZbfuemzGxPOYqQYmIg wyzy5irGWrOzzn4WIzQ2sm9rbBqteR1d1TX0IxOlZv2j18bMP+et3ifqSXWpM5cFGMaJ XoEbMq6QaK3BkJFEceHZv5rm8b5JNzQCnFB8hsK2jwOlf8xFqh7V2nhkbuVcNK/PI3th E7yv9Kw6iIrXu1dCvVRvKM8GJTjUslhiE/46vAAv2JwiOTtuLWCfeswFECjcGqc/FqNp dcciDZYXlpGxWMEVkYnoste4LloNjTx1UNjIJEn1PbSnbWPk6R4RugXk1qDQgoZt6wW5 mAWg== X-Gm-Message-State: AElRT7HXRB9GcMQZdORMnqhE/yHSW2MwOkhb6m2j9vzGuqKrhDAOhW3F wseqZ+VHkMs0us74mPKS9xaczBHyrDm9pTxn3g3fNg== X-Received: by 2002:a24:530f:: with SMTP id n15-v6mr6966996itb.123.1522800301471; Tue, 03 Apr 2018 17:05:01 -0700 (PDT) MIME-Version: 1.0 References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk> In-Reply-To: From: Matthew Garrett Date: Wed, 04 Apr 2018 00:04:51 +0000 Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: Linus Torvalds Cc: luto@kernel.org, David Howells , Ard Biesheuvel , jmorris@namei.org, Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List , linux-api@vger.kernel.org, Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 3, 2018 at 5:02 PM Linus Torvalds wrote: > On Tue, Apr 3, 2018 at 4:47 PM, Matthew Garrett wrote: > >> Another way of looking at this: if lockdown is a good idea to enable > >> when you booted using secure boot, then why isn't it a good idea when > >> you *didn't* boot using secure boot? > > > > Because it's then trivial to circumvent and the restrictions aren't worth > > the benefit. > Bullshit. > If there those restrictions cause problems, they need to be fixed regardless. How? When there are random DMA-capable PCI devices that are driven by userland tools that are mmap()ing the BARs out of sysfs, how do we simultaneously avoid breaking those devices while also preventing the majority of users from being vulnerable to an attacker just DMAing over the kernel?