Received: by 10.213.65.68 with SMTP id h4csp133642imn; Tue, 3 Apr 2018 17:12:14 -0700 (PDT) X-Google-Smtp-Source: AIpwx49/eeNOay0mSr1ZQAhFilgzhnvI5z4SNXtAzI9hWfStkOtjBxvqef6bqa+HbjLXeUJc5K4k X-Received: by 10.101.66.70 with SMTP id d6mr10402130pgq.234.1522800734851; Tue, 03 Apr 2018 17:12:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522800734; cv=none; d=google.com; s=arc-20160816; b=AqtdPqpqpi8/2EWfEQPhU9Pyy7lHchCLEtC++LxfDoJ9WHHPiHix1hBa7lgZy/+x1g /pBhMiH9NSyDiN2PEiu4S1/zjVfLTdeb9Y7BTFli6Qvho6chqWpVnBpUwbFkGDo8W7GB JjWyn5fK7SO1MNJFh1K/2ASDaNEObaibtd/p4KSjD3NMrvsBnEbcYETx/OQLy/xSCUua 0Dzuyz2Q1YzsIvMW11Gb+OEp03a9nWw6b+Vj9FHMNqWTO5Yo83dmKQDkiDDIDH97GFQB ZD+HPyADgCQPwy2VlaeaDKQfjgk6Z+EzuIT8AMGzQj8vT9Grm8M9gjA2lhcvxgQ91POH 8dIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=TzBE8Tq7QQAeU+75IiZ9F8kPPgouo+3hm0aGhuA1B7M=; b=Aw1YQ71hNvKCQADO9BtwNJv6Rc0uS+JZGOgpBXBcOBYkR2if9XHCpv+xKII6MhCeYK HCRTXyXVpdcSnaWeqPg+g/86ndRkEyaI8YPpCa2I8O53s7XQxzzdlSvGSx0DPTUd+ruD wCfOZKAn25R1BNPsgdFOBu4Cfub+Kr2WZ0XHK7oB9P+BM5JFuaYdczDjJiLHZQ69kj7Q AU++Z0QYeHXyvWWZK8fjqHYiF+FT7BeLeXrp0WLHiNMKVp1cWh5kNji7kleA9+/LvFlp VwOk5wkD+RFnfyfZuEoqMZIEc76+uTOhAp48S6UtwYOS98G0vLel/N8sXiIi30BxHNkn Z7jg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=sBUsv0D9; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p24si2983770pfh.328.2018.04.03.17.12.00; Tue, 03 Apr 2018 17:12:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=sBUsv0D9; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756198AbeDDALB (ORCPT + 99 others); Tue, 3 Apr 2018 20:11:01 -0400 Received: from mail-it0-f66.google.com ([209.85.214.66]:38750 "EHLO mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755942AbeDDAK6 (ORCPT ); Tue, 3 Apr 2018 20:10:58 -0400 Received: by mail-it0-f66.google.com with SMTP id 19-v6so25132152itw.3 for ; Tue, 03 Apr 2018 17:10:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TzBE8Tq7QQAeU+75IiZ9F8kPPgouo+3hm0aGhuA1B7M=; b=sBUsv0D9/5uD5fwGpNqOH8Q2PA1eH/U7Gvbvks2+JVYu6Vd4RET1zdI1/1QyJ4ZDYQ YMK5Xy0G8KwDyMkn7QECV0BJb9fQB07hYnDCwF/g9KeS0ujw3ANdvzIGInMkrEYRlYJZ d62WDykMOUqhd3F2HJ5Gem7UjJcSjLP0o9nJsMO+KwnOc+7NxKGxD/+XhQPCD++TK5le /0r3x1IG57CxEpVgpFqGYET565ffgobP0dnjR8KxyG+tsELtFrHFbXXugos+CmYvqF/e 1k7+KcDKrchaAtfPd8q60htwZXb3QEBr7VIsOh3Pvld25kQkm5NDzvHKf5d0LAVE7SvL 1qNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TzBE8Tq7QQAeU+75IiZ9F8kPPgouo+3hm0aGhuA1B7M=; b=RS+sL+cGU+ZY4dqNXeONZEnRu+AsQ5b2i4k/ub/O/H79WAS48BJfTsnkNSmomgLKH+ Ti/aOkJrKaitE18vuZMvUhoW9EhO9LtPbD+/DAgC2/cn0+VKSKlaVhKlZnBT0tTKtQ8l 6n6LCort0TcRDxeE4XvQlv+0LgZoQ817UlIjvae8FCF0Sa1M8HWWGRgb4MLE+RRpLkP4 ImTL8d+nFDFeot7zDCVUzwVFi9xm+C1C8k7PstqKy20EhQyLl2YesWJOEp6wL+ZljVeS Jh7om0ZGDzFfpZjSHMYMFnPiRTwmSEBsccgZe/JMKxT2eV1G1hmtMLmgMcHIwhUcsh1W zPDA== X-Gm-Message-State: ALQs6tBRBckgfva5T8zRbA1hJvJKJcUXm9vmuJ5bOLROEK5fDvd6zrdl 2fHvOvOQQSCHvcDZ6oeWPbyxpdbyHauOx56XcvtYEQ== X-Received: by 2002:a24:46cd:: with SMTP id j196-v6mr6931222itb.8.1522800657796; Tue, 03 Apr 2018 17:10:57 -0700 (PDT) MIME-Version: 1.0 References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk> In-Reply-To: From: Matthew Garrett Date: Wed, 04 Apr 2018 00:10:47 +0000 Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: Linus Torvalds Cc: luto@kernel.org, David Howells , Ard Biesheuvel , jmorris@namei.org, Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List , linux-api@vger.kernel.org, Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 3, 2018 at 5:06 PM Linus Torvalds wrote: > On Tue, Apr 3, 2018 at 4:59 PM, Matthew Garrett wrote: > > > > Ok. So we can build distribution kernels that *always* have this on, and to > > turn it off you have to disable Secure Boot and install a different kernel. > Bingo. > Exactly like EVERY OTHER KERNEL CONFIG OPTION. So your argument is that we should make the user experience worse? Without some sort of verified boot mechanism, lockdown is just security theater. There's no good reason to enable it unless you have some mechanism for verifying that you booted something you trust.