From: David Howells
To: Linus Torvalds
Cc: dhowells@redhat.com, Matthew Garrett, Andrew Lutomirski, Ard Biesheuvel, James Morris, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, Justin Forbes, linux-man, joeyli, LSM List, Linux API, Kees Cook, linux-efi
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
Date: Wed, 04 Apr 2018 01:22:27 +0100
Message-ID: <11962.1522801347@warthog.procyon.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

Linus Torvalds wrote:

> ... use the kernel command line to disable things.

An attacker could then modify grub.cfg, say, and cause a reboot (or wait for the next reboot) to disable lockdown:-/

And whilst we could also distribute a non-locked-down variant of the kernel as an alternative, the attacker could install and boot that instead since we can't lock package installation down very easily since it doesn't impinge directly on the running kernel.

Unfortunately, it's hard to come up with a disablement mechanism in the kernel that an attacker can't also make use of:-/

David
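
Both routes named in the message above (an edited kernel command line in grub.cfg, and a different kernel installed and booted instead) appear as deviations from a known boot baseline. The following is an added example, not part of the original message or the kernel patch set, that audits a grub.cfg against such a baseline; the sample config, the baseline sets and the parameter name `lockdown_disable_EXAMPLE` are constructed placeholders, since the thread names no real switch.

```python
import shlex

# Constructed sample grub.cfg. "lockdown_disable_EXAMPLE" is a placeholder
# parameter name, not a real kernel option.
SAMPLE_GRUB_CFG = """\
menuentry 'Distro (4.16.0-signed)' {
    linuxefi /vmlinuz-4.16.0-signed root=/dev/mapper/root ro quiet
}
menuentry 'Distro (4.16.0-signed) edited' {
    linuxefi /vmlinuz-4.16.0-signed root=/dev/mapper/root ro quiet lockdown_disable_EXAMPLE=1
}
menuentry 'Other kernel' {
    linux /vmlinuz-4.16.0-nolockdown root=/dev/mapper/root ro
}
"""
# Assumed baseline: what the administrator expects to be bootable.
APPROVED_KERNELS = {"/vmlinuz-4.16.0-signed"}
APPROVED_ARGS = {"root=/dev/mapper/root", "ro", "quiet"}
LINUX_CMDS = {"linux", "linuxefi", "linux16"}

def boot_entries(cfg_text):
    """Return (title, kernel_image, [args]) for every kernel line in grub.cfg."""
    entries, title = [], None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            words = shlex.split(line)      # honours the quoting of menuentry titles
        except ValueError:
            words = line.split()           # unbalanced quote: fall back to plain split
        if words[0] == "menuentry" and len(words) > 1:
            title = words[1]
        elif words[0] in LINUX_CMDS and len(words) > 1:
            entries.append((title, words[1], words[2:]))
    return entries

def audit(cfg_text, approved_kernels, approved_args):
    """List every deviation from the baseline as (entry, problem, value)."""
    findings = []
    for title, kernel, args in boot_entries(cfg_text):
        if kernel not in approved_kernels:
            findings.append((title, "unapproved kernel", kernel))
        findings += [(title, "unapproved argument", a)
                     for a in args if a not in approved_args]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRUB_CFG, APPROVED_KERNELS, APPROVED_ARGS):
        print(finding)
```

Such a check is only as trustworthy as the place it runs and keeps its baseline: executed on the audited machine itself, it is exposed to the same tampering as grub.cfg.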