Received: by 10.213.65.68 with SMTP id h4csp136862imn; Tue, 3 Apr 2018 17:16:37 -0700 (PDT) X-Google-Smtp-Source: AIpwx49W1+13IQP4zm4xq+hjGbaeusK74BUF8wxz+7/6AnsBtzobjoN2pwCHVXcrAf5V6XdxnTNK X-Received: by 10.101.74.82 with SMTP id a18mr10511351pgu.312.1522800997700; Tue, 03 Apr 2018 17:16:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522800997; cv=none; d=google.com; s=arc-20160816; b=ZSPRzwPdSgES4f+0TAKh3GO2SNoViY4k5z4gKCxanUyDr+AbJMXirTXjEzhdPS+/FF gymLIRyaGQVRI2v8P2J6tZAq/u9TkFsmGLFK8Iv4x+EOA/uJRRqqIAr9Tq35QKXateqN ICaV3OQf4/BS9mcNJ78wx0K1CnXck4PVdrkUqpGI5KWns7cdH37jej61wbX4K1Vr1wA4 nr1IgiVauajmKNRF209dFWa3T+6W18VGiUhtFCrjkI5j40KBGj3Ijhnx7PCt4cCN+Hfa IGTD4wj51sjdkl167nBJrq3zXSllwxfeZX8/Zm5qCblYbxwCE8sn1F3Ahw3tddz/b47J NzKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=twBHOaWsGZ6mR//mMrBiUiV4GW34NcyDnI/PbMMnt2s=; b=CUkniGbtHg1nZbqOSxai1YRwnDK+ssrtzSnehdRoarZaiXc7tcm3EBBpSjTHOyu4on pqACMet6c2IfxAeVbQLNhuecvPyMq+vpKsWwh3mnLon5CHli86FvhTXBmp3H1sehRA7Y YAoLL4OXBANp2Fg3Z12fyi8sT3Nd6xFHGe1BRWAhxbu6d/CE6uMablad3ECAifvODamH 7HFkebIZ2c/veGmH93yCPvRModfx7YKIxoKUJMjQg42QII/ekwQmoNBjrWCTHdcjR8Mt V+un+BaZpgGw3zt+VLVqw/r3vgstBPs2GY19U5y9zMIrp+jZB53q+5tzLgFNN18Ap6qk ivuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=pu9zvZwv; dkim=fail header.i=@linux-foundation.org header.s=google header.b=Y1qrPTew; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p24si2983770pfh.328.2018.04.03.17.16.23; Tue, 03 Apr 2018 17:16:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=pu9zvZwv; dkim=fail header.i=@linux-foundation.org header.s=google header.b=Y1qrPTew; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756278AbeDDAPP (ORCPT + 99 others); Tue, 3 Apr 2018 20:15:15 -0400 Received: from mail-io0-f196.google.com ([209.85.223.196]:39747 "EHLO mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754966AbeDDAPL (ORCPT ); Tue, 3 Apr 2018 20:15:11 -0400 Received: by mail-io0-f196.google.com with SMTP id v13so24150057iob.6; Tue, 03 Apr 2018 17:15:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=twBHOaWsGZ6mR//mMrBiUiV4GW34NcyDnI/PbMMnt2s=; b=pu9zvZwvExl0L8+eqSyiO7vu2jc43nu2+5LHy+BQqA9/1qB3Xomxwq3WVAFt7HNTY0 DrgdBroDSM74RCujfUBxSiZ1sLXtqfLMLfh3vpcm+4dCPQxXD1RbrriYifWLyMUKX6d1 tS3Td71TMCSrQEySKrDyDmj5iV5xMmk/focg9BUCfipxATHEqhk1nC8SnZedekc2F6xp Cc7lSS5sOru/lA2svz2rCNCILoQ/4Pn3BvrLXqkzDINFu2yDYFOlnEgRmnHbf580NtKC 5SJqtU9tgOPHasZzIMxudYKezzkgosqzNL0UamQ0RMwr8uHrCsE5SrJxfAucdvOCuOKx MD2A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=twBHOaWsGZ6mR//mMrBiUiV4GW34NcyDnI/PbMMnt2s=; b=Y1qrPTewl0W19hL7fXkZsi7B+PQNl5UMYqEWCP6tG5SuX+p1qAHaAS1fo2e4aC3PSY UoyRT4drlEIdfyEV+o/rJZ7Fq38qwku2DCsX/o8HkD6kgtAzMYdSlGagLjRrnCdjSmY5 dgu2q6bKXOUPSO1kbm7uO7MV99wLn23jjcjbg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=twBHOaWsGZ6mR//mMrBiUiV4GW34NcyDnI/PbMMnt2s=; b=mpp2HIq0NsRBSv4WajNx5BHSPKsrYXKQyUFHpruhHIKZFnHNVeOFLRN7hbL8rhHwnH sZ/mV7KKYNs0UDBSJqPuOdFwMJ3B6N3Qn1mDtgvDA6kLD3DepXmGtdkyI/85AVGE1Q1A GxWvX3gZPPJQpqoDgvSVmHZAtS6MC/Fstc2AjiPnBesQ16ubD/Y0jSXS8IhB7sTzJAFH bK0t0yCj9q6xELCOKm0F++JqZIJncTRj7BJ+R0PLKlpE+cIgSA3GY7oJrR/IbSvyciAk +dj0wtC4ag8JoRK0ljnIe30Oxr+cOWNLrnPgxHOH+c1m9tVfwY54pw08wdK28Zgmjwd2 1Tkw== X-Gm-Message-State: AElRT7HSakQK/9iMcX7nKB36WUyjX3FwOHx8IRGdGCcsZ9Uf8S7XzTDj 5i1lGzxXTVRS1/QSiJ+BO5reosv9xkqtaJ5bIxE= X-Received: by 10.107.182.214 with SMTP id g205mr15412032iof.203.1522800909950; Tue, 03 Apr 2018 17:15:09 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.95.15 with HTTP; Tue, 3 Apr 2018 17:15:09 -0700 (PDT) In-Reply-To: References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk> From: Linus Torvalds Date: Tue, 3 Apr 2018 17:15:09 -0700 X-Google-Sender-Auth: seTIHpaoucqkbwHdl9tYGO6t8do Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: Matthew Garrett Cc: Andrew Lutomirski , David Howells , Ard Biesheuvel , James Morris , Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , Justin Forbes , linux-man , joeyli , LSM List , Linux API , Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 3, 2018 at 5:10 PM, Matthew Garrett wrote: > >> Exactly like EVERY OTHER KERNEL CONFIG OPTION. > > So your argument is that we should make the user experience worse? Without > some sort of verified boot mechanism, lockdown is just security theater. > There's no good reason to enable it unless you have some mechanism for > verifying that you booted something you trust. Wow. Way to snip the rest of the email where I told you what the solution was. Let me repeat it here, since you so conveniently missed it and deleted it: >> Or, like a lot of other kernel options, maybe have a way to just >> disable it on the kernel command line, and let the user know about it. >> >> That would still be better than disabling secure boot entirely in your >> world view, so it's (a) more convenient and (b) better. Matthew, it's simply not worth continuing talking with you. I'll just not pull this crap, and vendors that you convince to do stupid things have only themselves to blame. You clearly have an agenda, and are not willing to look at arguments against your idiotic choices. Linus