From: Linus Torvalds
Date: Tue, 3 Apr 2018 17:08:30 -0700
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: Matthew Garrett
Cc: Andrew Lutomirski, David Howells, Ard Biesheuvel, James Morris, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, Justin Forbes, linux-man, joeyli, LSM List, Linux API, Kees Cook, linux-efi
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 3, 2018 at 5:04 PM, Matthew Garrett wrote:
>
> How? When there are random DMA-capable PCI devices that are driven by
> userland tools that are mmap()ing the BARs out of sysfs, how do we
> simultaneously avoid breaking those devices while also preventing the
> majority of users from being vulnerable to an attacker just DMAing over the
> kernel?

.. if that ends up being a real problem, then you print a warning and
tell people to use the kernel command line to disable things.

And if it's a big and common problem, then the answer may be that
lockdown has to be entirely OFF by default, and you instead just tell
people to enable it manually with a kernel command line option.

Still better than telling them to disable/enable secure boot, which
they may or may not even be able to.

Linus