Received: by 10.213.65.68 with SMTP id h4csp143420imn; Tue, 3 Apr 2018 17:26:44 -0700 (PDT) X-Google-Smtp-Source: AIpwx49seHIabysuKZJRG6bc6915qsOLzx/dyTeQdMnneusOuS6Jn5EiQW72VC+2z93gSUs3YIKW X-Received: by 2002:a17:902:2e43:: with SMTP id q61-v6mr16002984plb.404.1522801604365; Tue, 03 Apr 2018 17:26:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522801604; cv=none; d=google.com; s=arc-20160816; b=FvVj7AIe8XxrypFfyXfB1oc420fRzUEo3mMEwLkc3mtwR5izmVVePiJ3gIlHoFAweF GipyfP/TZJmRs58iOizoy3N9EtMZb6pvOosSRCtnOZ1Tn4qofPFeqs+0krWpBGy0l0i/ 55PI4J2pxzBCFGo+FfoTbRJsX+vAs37RK2NJmd8O4ktwLCguJAcNGNZ7uiddQMOeSCTW 4yHQob0ZoOiB+8IFd84p7t2AAWhM8qzhyYH9kt8QhM5I2rAZiBzcnEnz+Gb7WmxOSnG+ Yt4yYP8BV6TY0tIRIeAj7M6wzUYvSeazeyJHPgZgEn88l/M/fJ9GMtJ7GyqW4Uc4Xrbd EFMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=zfmrCLHdVQoSjUvKouMiacVT+POdDJzAeH9vszgpSuA=; b=bqL5Rs/RkfcewP20kTMfAC/spPgKiSsrGXHVDLYBVeRUuOn90GwrvsFRPcc/MaSijs dHmdfYRsZ0pxCdSfpMMqmcqUm9/Zi2LR/o4fyHiOxZXXREEJfEa3nw/DhVOeEjs7hicU OTn6iH8BeYEJuihK0ik+WPzPM9FGqOhMtALhaq+j76yd43K7pBgne3zRB3pVf6tm6xpJ 59CHof601EchBIFqFhB1h0QWqun2E2DFqa6AsYEwhJm1p1QOoBIomGKzL1bAv8rDaV5z DEgwqwMClNkDzJu3S/8lpHnJwrEHYQ0kac+dlMRJI60lULYYfjV0IE/zZS8dg6Ve7AvE uDWQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=CiQZKqu7; dkim=fail header.i=@linux-foundation.org header.s=google header.b=cz49vIjB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t11si2788104pgf.93.2018.04.03.17.26.30; Tue, 03 Apr 2018 17:26:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=CiQZKqu7; dkim=fail header.i=@linux-foundation.org header.s=google header.b=cz49vIjB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756765AbeDDAZZ (ORCPT + 99 others); Tue, 3 Apr 2018 20:25:25 -0400 Received: from mail-it0-f49.google.com ([209.85.214.49]:55271 "EHLO mail-it0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756404AbeDDAZW (ORCPT ); Tue, 3 Apr 2018 20:25:22 -0400 Received: by mail-it0-f49.google.com with SMTP id h143-v6so25735958ita.4; Tue, 03 Apr 2018 17:25:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=zfmrCLHdVQoSjUvKouMiacVT+POdDJzAeH9vszgpSuA=; b=CiQZKqu7DoNnSp+IJHWxexrJkY/R7RNTVK/s77M6g9kT3W5dNrHBNxmqJoWiDPDgt9 uCe1h5LwfsL4n/txfi/7m3wYv28J+D7+eiThQWPx0NPeclPG6lzfQpZLuWlvNVyYlGWa mKTzs7entdi8/COO+l/15Ed/mrLeCWqfptJ0hWIGgtVrjvGwKAB6faSQowa5BUoxZmb4 8IXKGalXoY/FUrcKPPYJW/o/+nGm5BsP+owB3wW2WbS1HsdwtbA1WK5OUrLncOioPOY2 67BOi7cV6J5ZdZwAw6BbAmRydwCEw7/cg8ax45b+JadzWH3Of1WRJwvtShFEiByHiKVq JZAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=zfmrCLHdVQoSjUvKouMiacVT+POdDJzAeH9vszgpSuA=; b=cz49vIjBi1Y3ODBa37sySasnZIV5OfFlZqbdfzRoVfoFuD7zg1gt5/CDGgv/x4N1Rv T18DusDtpGfFP9+TTkAGNVBpQCwerV3nxqSIAhGn1Efx92dUHl1tLBLEGZSeKKt1VWAl djjM7I0/563QQGxe97S2Z+5zxTQlF3/QwTIvk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=zfmrCLHdVQoSjUvKouMiacVT+POdDJzAeH9vszgpSuA=; b=KBPoAiAp+b7hOBwfCZlQ1Xq+xlbGD85nBsepb77fyyAVzmaodR4dVc0RbRJOxMcY/R SdRjGaA03SjtbDV6S9wt/FgbjViaJjRYWw8taFUy3AT08tC5jW/GKeYtZlnala85i4XP Hq32Mac+DDwywhOySizQdXPgRd6puNV1cozHqvBK58PXUbykiwuicJLYrkTI9irNZavn NXiwBPg0D0kTKvb3tmsF2l9VFJhYJlU+zK85TKLBd8rb9jpWBFOZHCBxeu6jJDBXArtp nw9ldZhfIaM5hhgbKCPaG9NQaa/OIQoUE3k6C8BrFk9zsmW9zGVFB9p4wUArfKoNHwc4 fkmw== X-Gm-Message-State: ALQs6tAJeCbaguwqLKSC72yvtCXUoAtpzmZOE/tlBL0NmbllWEjf54SH a6rUrIeQ4exMlNRM0WQkElufYcJaZ3pelorybJg= X-Received: by 2002:a24:87c8:: with SMTP id f191-v6mr7247341ite.16.1522801521089; Tue, 03 Apr 2018 17:25:21 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.95.15 with HTTP; Tue, 3 Apr 2018 17:25:20 -0700 (PDT) In-Reply-To: References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk> From: Linus Torvalds Date: Tue, 3 Apr 2018 17:25:20 -0700 X-Google-Sender-Auth: sY4B3IsqG_M8VJNwRhHi3IHWOLk Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: Matthew Garrett Cc: Andrew Lutomirski , David Howells , Ard Biesheuvel , James Morris , Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , Justin Forbes , linux-man , joeyli , LSM List , Linux API , Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 3, 2018 at 5:16 PM, Matthew Garrett wrote: > > I ignored it because it's not a viable option. Part of the patchset > disables various kernel command line options. If there's a kernel command > line option that disables the patchset then it's pointless. Honestly, I don't think the patchset is viable at all in that case. No way will any sane distribution take it, potentially breaking a lot of machines, and have no way to unbreak them except for "oh, btw, you have to disable secure boot to get things to work again". That would be insane. So you'd better allow some command line options. One reasonable option may be to just disable lockdown by default (to make machines work reliably), and then have a "if you're anal about security, add 'lockdown' to the kernel command line". People who care about this already need to check the secure boot status, so this would be just one more thing they'd check. Linus