Received: by 10.213.65.68 with SMTP id h4csp130048imn;
        Tue, 3 Apr 2018 17:07:40 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+Gtt3cHGCxFULuTzmp0MYiJGyF2kXR4sry6pe5DYp1aPZADUgOXVFnO/PNQPSqRXFl3KTl
X-Received: by 2002:a17:902:a610:: with SMTP id u16-v6mr16036216plq.293.1522800460422;
        Tue, 03 Apr 2018 17:07:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522800460; cv=none;
        d=google.com; s=arc-20160816;
        b=BDVVNhCWuXKxUxOifHRtyOQE6zxqe3FQcs3yeTMiJyo398Kdg9gFaAK2RA3WLqYzsG
         cfTwqm/jENAm8LUVM3SNgEZ32je6iEPc8aAl3Z6XIX4Jyx0Xcg03wry7zHjhUoz3lidW
         cehCcysP4wJeAmf452LRPpxkbluvNOsxzAFkiTIkpDmE2v0cksWIM49j+Fw8KRn6UqKm
         uUi7PPfzmY9HWTrAPzHRnbe1bA1gCdiHIEjG8KKO6Yc11PyzbgdCAprv0keyPMPZBU+E
         XSXES2OLBfm5xIyEfzqrAzB3shufOkB28w3OsjIdlqA8Sf3qOt4tOsl/0l0B4742Nras
         xRNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=wjlQEXd8+3L2I6FlljpFGcVqgtVWd5XnfB3xbaLYRHo=;
        b=kUwWQLoydC45T/jfJ8ghz0NV2py013vpGKwqhDxpqyiJUsmDctvqJEr5QOyjcwGiat
         DymzCPZgGh+gxJvd83ck2XMU01qMFRCU63M1/VphYr+YtWMF+mBEQkEBcafA/Wfhu0g4
         UUesZCshUDDLQugLh3tAA3mmnA5lso73fEoo+/Zzr89bsYXHaoHLijFeTMvHUjep+pBc
         tIIBxYPDML0yJfb9YX1p7/E30pfCsXwJE4GSyFdS7CkyYD6It0FZXlTmYDCkUHUP6C9W
         CZTkrAjHLvBTAE9hvtTygE1Qk9UWrqg3YWGFLWfsPwZuKvWzv0cLcoy5walWo05DrFmA
         R6Dw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=JL4+U6VC;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=coVQcS7S;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p24si2983770pfh.328.2018.04.03.17.07.26;
        Tue, 03 Apr 2018 17:07:40 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=JL4+U6VC;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=coVQcS7S;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755994AbeDDAGR (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Tue, 3 Apr 2018 20:06:17 -0400
Received: from mail-io0-f194.google.com ([209.85.223.194]:36639 "EHLO
        mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753927AbeDDAGP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 3 Apr 2018 20:06:15 -0400
Received: by mail-io0-f194.google.com with SMTP id o4so24150992iod.3;
        Tue, 03 Apr 2018 17:06:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=wjlQEXd8+3L2I6FlljpFGcVqgtVWd5XnfB3xbaLYRHo=;
        b=JL4+U6VCB3A84Pl6QYG0hRoEX+1TjlcUJ+DqfhoLNg2YNFHiv1AUzDqNFREtxHqm3b
         6QRPXcp8f1wubEAGcDoVlD1igFQUzvQKKUpBVIx6mohVxeTa275xLP2MAtdQh28OyRdr
         AiRyAH28vWX3etZDMPWhGJhq4yhOsTXrUwdGkz452XprtYaBP3kEct5vvUEfCAOXZAHd
         Lnr0HyZEFQkX415uJWvxsaSiR7b7y9TUZMyqsTTYOKTtIknDeJ7Z2dmdd4acxsfz+CKj
         GYxDd+O864+/tRwam2xUGa4c/hCJdlHPZk0yK6QWFe8yCL7zD8LgCniY7vsS2nr194pl
         7W9w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=wjlQEXd8+3L2I6FlljpFGcVqgtVWd5XnfB3xbaLYRHo=;
        b=coVQcS7S69aWb111IzZoVPFrlZxc/fTL2Ooy5LziGIvDp0dSzMRKqOzcy3FZu+I7d1
         aYoIVwAbNpmHyWGveebGpA93zWEJ9m8HSv8hmZjizb5yaADJWFUpfVo9YSGiwMoRZ5uS
         nxLwdCSZkwumjz8CEvxoC3mWNg0NPmujlu/tw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=wjlQEXd8+3L2I6FlljpFGcVqgtVWd5XnfB3xbaLYRHo=;
        b=WPhi9Zbb5v5c9IMLGjcvTNcf5Vw/bJL+eNHisNxakr2eQYFpm/G6DuyOHPES4DV4ue
         +jGltedIaZOhgDIbGeCYOZOgEyznARa3UU4BJtXHTged/ebqSg9ii5lZhBKPvqDN2PuM
         UhLfS8PAeyxkW+Anb7+w7oPi/isx2h24lusdQ5gz9LlfLUMilhGVQXbOXUCk8EVBYsv5
         kiRt08lnKWmNGoYSdjmBjY2+TuFuA2hm0YDVkD2Xy/GlMPC0mhN/L2GBh6TuQD7ZoClh
         OnKIIZiwPFq9Y9m5uxpgneqmIV0sFa/gsJtZtNF1dKFpdzeXdOhhaEHGNB5xfxjPfQ8p
         Uw9Q==
X-Gm-Message-State: AElRT7FH0Qrs1A30EFGPpP+4h+bAjN6BAEAj30xH8GQPm9L50T4MQ9D5
        aOYCQPJ+s08m5LampE+0QfncwAlC0qDwgWVaMS0=
X-Received: by 10.107.182.214 with SMTP id g205mr15392792iof.203.1522800374082;
 Tue, 03 Apr 2018 17:06:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.95.15 with HTTP; Tue, 3 Apr 2018 17:06:13 -0700 (PDT)
In-Reply-To: <CACdnJuvqQQ+hidokY5GA7g-yrAs5-358it0cs+m_d4RFDMuB_w@mail.gmail.com>
References: <4136.1522452584@warthog.procyon.org.uk> <alpine.LRH.2.21.1803311145180.7769@namei.org>
 <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk>
 <CALCETrUFOdrH5ShCCd8yguGjC2NtG8fJY7AW26HH467-02UVGA@mail.gmail.com>
 <CACdnJut31+ZtiR40nkOjm89cfUxS0EM=w-oG69PtWHbXYJQxPg@mail.gmail.com>
 <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com>
 <9758.1522775763@warthog.procyon.org.uk> <CALCETrWHS9p1My=j07=V=OP7v4SwQkW-kJ3JOx6EbPU8fb_XEQ@mail.gmail.com>
 <13189.1522784944@warthog.procyon.org.uk> <CALCETrX4CuHVpn38R24TCcJgCBLSbh-sOD-qcD5kYF8Zo53ZJw@mail.gmail.com>
 <9349.1522794769@warthog.procyon.org.uk> <CALCETrV6E+r942K+fu-ALNf-x6qOZ3o1hNKGeu7qEMvr8sMP9A@mail.gmail.com>
 <CA+55aFxKzxdRZthzaokaGPAsWCp3a-p3aVfJSutF+9Fp9sbaVA@mail.gmail.com>
 <CACdnJusSfwULV-ubvgtYd8G_cTF4LnJ4DAeTCux4XRhHKVpBUw@mail.gmail.com>
 <CA+55aFzG==xr2OLK8F03RH0nkUDeP6btWqepFTuHZqkPTAOWjQ@mail.gmail.com>
 <CACdnJuv_=ihPut=5OvCYEphdBOn7+JrKacBbNa0n3wv_JvFMzg@mail.gmail.com>
 <CA+55aFyWNok1K-Jo3TQAXGXHvFOTvuOb-Hw977B9RGjBa7prrg@mail.gmail.com>
 <CACdnJutZFKX+izBxRYbyxefT5KrKhVV0XsymU=vBhywd+TOE3A@mail.gmail.com>
 <CA+55aFwVUmjZ+Swe9xUdDOEE+EOoaU3dh7BcrH74BOLCi8y_Kw@mail.gmail.com> <CACdnJuvqQQ+hidokY5GA7g-yrAs5-358it0cs+m_d4RFDMuB_w@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Tue, 3 Apr 2018 17:06:13 -0700
X-Google-Sender-Auth: 0iIvTw5Ee6TK_KmEDeXbN0UpXj8
Message-ID: <CA+55aFwJBGCr-anrdV9N63fUH4V_QJqgr0_fJyHhH=fuqGAoog@mail.gmail.com>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To:     Matthew Garrett <mjg59@google.com>
Cc:     Andrew Lutomirski <luto@kernel.org>,
        David Howells <dhowells@redhat.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        James Morris <jmorris@namei.org>,
        Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Justin Forbes <jforbes@redhat.com>,
        linux-man <linux-man@vger.kernel.org>, joeyli <jlee@suse.com>,
        LSM List <linux-security-module@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>,
        linux-efi <linux-efi@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 3, 2018 at 4:59 PM, Matthew Garrett <mjg59@google.com> wrote:
>
> Ok. So we can build distribution kernels that *always* have this on, and to
> turn it off you have to disable Secure Boot and install a different kernel.

Bingo.

Exactly like EVERY OTHER KERNEL CONFIG OPTION.

Just like all the ones that I've mentioned several times.

Or, like a lot of other kernel options, maybe have a way to just
disable it on the kernel command line, and let the user know about it.

That would still be better than disabling secure boot entirely in your
world view, so it's (a) more convenient and (b) better.

Again, in no case does it make sense to tie it into "how did we boot".
Because that's just inconvenient for everybody.

                Linus