From: Linus Torvalds
Date: Tue, 3 Apr 2018 17:56:43 -0700
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: Matthew Garrett
Cc: Andrew Lutomirski, David Howells, Ard Biesheuvel, James Morris, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, Justin Forbes, linux-man, joeyli, LSM List, Linux API, Kees Cook, linux-efi
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 3, 2018 at 5:46 PM, Matthew Garrett wrote:
>
> The generic distros have been shipping this policy for the past 5 years.

.. so apparently it doesn't actually break things? Why not enable it by default then?

And if "turn off secure boot" really is the accepted - and actually used - workaround for the breakage, then WHY THE HELL DIDN'T YOU START OFF BY EXPLAINING THAT IN THE FIRST PLACE WHEN PEOPLE ASKED WHY THE TIE-IN EXISTED?

Sorry for shouting, but really. We have a thread of just *how* many email messages that asked for the explanation for this? All we got was incomprehensible and illogical crap explanations.

If there actually was a good explanation for the tie-in, it should have been front-and-center and explained as such.

Linus