Received: by 10.213.65.68 with SMTP id h4csp207880imn;
        Tue, 3 Apr 2018 18:59:34 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+VGPgwxsuwytrKei1Mp8/BBTcu2FmVKXET0+nForCTSteojNqDWw7bB/hiEbhCXrAl0M6h
X-Received: by 10.99.121.131 with SMTP id u125mr10905845pgc.48.1522807174402;
        Tue, 03 Apr 2018 18:59:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522807174; cv=none;
        d=google.com; s=arc-20160816;
        b=Cpcfwzhuqglx0x4nKv7qdH53h8hbvx7RVzhdktjY3HjVNSeWrgvZljxEjK5FDRbBS/
         a6HLyeZzqAxY8VEerqcUhhmYvKIljxfP3aR9UMpLbCiPpJ6YUkbs5FQU9bSLgIDG7zGm
         X5IzoBZruQwZ247YD26dt/8zoE8SmewEc+YDJBQc+kmbpsOIC0bo5EirLue5eTMJJnaW
         n/cPkPwhpSFzvXJd5nxmWkqRbSCR53qow0QsapWtCQQomsJv6dPW7NCdWHPmdb06Bchw
         +mE4o1VzTb+GE5T1mjB8FHgCW1aPc+fcGSSG34JetSzkLlEg3PjNppjMoxLG06yvs5td
         GEGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=ZecKxzRONwavuHnFVGhqaIMfDWerpCMZd8qSregTn0k=;
        b=HAsZL5v+HB7XhRSMxUa8QfzEMHlqJqgElkIE9NeLWtT8REsT3idRmdw237aY0PXttw
         PhSVVBl+8VlYmu0GSz7cylOc9PRqEXR6gFem8m1oragUiad4uGF1gQd1mYVIn/3awnAF
         6pWleE7fXtqPSS1ij7GN61h/qLuVgVZ5c9BJXbsG0GF2rBqTF+WXKQ4urIPlLX76G4pJ
         AT4sbeeT13/HHHxB/932BNsosZkse1+LB6tP1+MdLwso1sZifnyf/IHpIDKZsKRXfwnb
         hYMGbrl7h76TIkfUjqhX+QaP+AHbS4O4NgUV2Lfho06xWcfoIS883M1MXYFASFCTOAvM
         3UwA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=sqKa7VrC;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=U9NnnwrL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 1-v6si4248244plx.463.2018.04.03.18.59.18;
        Tue, 03 Apr 2018 18:59:34 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=sqKa7VrC;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=U9NnnwrL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754268AbeDDB6I (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Tue, 3 Apr 2018 21:58:08 -0400
Received: from mail-it0-f45.google.com ([209.85.214.45]:36218 "EHLO
        mail-it0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751469AbeDDB6F (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 3 Apr 2018 21:58:05 -0400
Received: by mail-it0-f45.google.com with SMTP id 15-v6so15179790itl.1;
        Tue, 03 Apr 2018 18:58:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=ZecKxzRONwavuHnFVGhqaIMfDWerpCMZd8qSregTn0k=;
        b=sqKa7VrCfsgN4MF4nlvGjxMg5C16rx+ze8ugMpSzBOpyHEN2XNPIE8zKp6bqwPqTjU
         Ka/C8H19dmdeRoVlCyaTV70yS0nuIA5QpLmKQz33/viuUfW9OFm9jRXX2vivhwGIGhp0
         Zepzxb1yLZ3d6h74zbFNM2eg9Ql6eAGn6bJNxWunHazURxELxzikKsbSg8fgs/HT8t/X
         Hw0dLCYHAYP5PCPQX3SkfSiy35U39ev/vOR8KSfRHqgQx8KyAMuXVoGhgPsqGmr889qD
         29mhiezuuxV5Aeff1jLpbqWEJKt13gA7I4rVpIZ2XCn3vO+R0KUGZlGvB3Fropn2OVNo
         DfMA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=ZecKxzRONwavuHnFVGhqaIMfDWerpCMZd8qSregTn0k=;
        b=U9NnnwrLAFPCK3qTY99hzgPEGZ/WdNvyZ6cWwuTWIvwZUCRNOwbLzOObhEcHKE7oFu
         MPavfFrYdaL/ojZw9edHgcMAMBhBV/bVz+Ywwmajr1I3NgeH6zaZ0+1ZgZaMbP6tcQzy
         RNbtF+cWvckpCUvMdBMY4FGaEOYtOu1h7tHew=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=ZecKxzRONwavuHnFVGhqaIMfDWerpCMZd8qSregTn0k=;
        b=N4C+BVdYVX94i7HxAU6xsF6k4f9r17b75S+TrlXBHf/w+PBLtUqdFZH6vht2c4JOQb
         mUj6NuBZGTxUv3AnocTEGlvLxihV9aT41TiorVI92DgZBCGOCSqL2evPI1p5DvNi7Ha6
         j1LX8lqYEEhgJBMcDV9lEbEkN5yYIYbgfIt+xCVy+hCs7wEA7qukSjK++6PauQVSQF4I
         iQ7xqPzCONpB0RFECnqDqsM5yBUTmY3qnEIbjss6GJvxyvPvOFI5L0yCgN9b/QQZxI4T
         hFHcuHmQhIqTbDteqKRWKreXXCURZz4aepmmNe26pBFctAuQqm9EHankObakO+M5Irk5
         5PTA==
X-Gm-Message-State: ALQs6tAWvZzIeggC14r4IupwgOmBdvW0Q63gNDXhA1Oo57byqnb5FYo4
        x89JCWxBZrt6hHb2WMwPHMHYe6YTF/pUYa/XK64=
X-Received: by 2002:a24:87c8:: with SMTP id f191-v6mr7440721ite.16.1522807084182;
 Tue, 03 Apr 2018 18:58:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.95.15 with HTTP; Tue, 3 Apr 2018 18:58:03 -0700 (PDT)
In-Reply-To: <CAFbkSA0ursG3RGWU19LQiD6u30h5V=Aqj3oVyHQCiX6MLopYUg@mail.gmail.com>
References: <4136.1522452584@warthog.procyon.org.uk> <alpine.LRH.2.21.1803311145180.7769@namei.org>
 <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk>
 <CALCETrUFOdrH5ShCCd8yguGjC2NtG8fJY7AW26HH467-02UVGA@mail.gmail.com>
 <CACdnJut31+ZtiR40nkOjm89cfUxS0EM=w-oG69PtWHbXYJQxPg@mail.gmail.com>
 <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com>
 <9758.1522775763@warthog.procyon.org.uk> <CALCETrWHS9p1My=j07=V=OP7v4SwQkW-kJ3JOx6EbPU8fb_XEQ@mail.gmail.com>
 <13189.1522784944@warthog.procyon.org.uk> <CALCETrX4CuHVpn38R24TCcJgCBLSbh-sOD-qcD5kYF8Zo53ZJw@mail.gmail.com>
 <9349.1522794769@warthog.procyon.org.uk> <CALCETrV6E+r942K+fu-ALNf-x6qOZ3o1hNKGeu7qEMvr8sMP9A@mail.gmail.com>
 <CA+55aFxKzxdRZthzaokaGPAsWCp3a-p3aVfJSutF+9Fp9sbaVA@mail.gmail.com>
 <CACdnJusSfwULV-ubvgtYd8G_cTF4LnJ4DAeTCux4XRhHKVpBUw@mail.gmail.com>
 <CA+55aFzG==xr2OLK8F03RH0nkUDeP6btWqepFTuHZqkPTAOWjQ@mail.gmail.com>
 <CACdnJuv_=ihPut=5OvCYEphdBOn7+JrKacBbNa0n3wv_JvFMzg@mail.gmail.com>
 <CA+55aFyWNok1K-Jo3TQAXGXHvFOTvuOb-Hw977B9RGjBa7prrg@mail.gmail.com>
 <CACdnJutZFKX+izBxRYbyxefT5KrKhVV0XsymU=vBhywd+TOE3A@mail.gmail.com>
 <CA+55aFwVUmjZ+Swe9xUdDOEE+EOoaU3dh7BcrH74BOLCi8y_Kw@mail.gmail.com>
 <CACdnJuvqQQ+hidokY5GA7g-yrAs5-358it0cs+m_d4RFDMuB_w@mail.gmail.com>
 <CA+55aFwJBGCr-anrdV9N63fUH4V_QJqgr0_fJyHhH=fuqGAoog@mail.gmail.com>
 <CACdnJuvFqXGLsAv1Km3MmdssHBfuH5-C_vG3A4eq4Yuj0HhFBA@mail.gmail.com>
 <CA+55aFzYbpRAdma0PvqE+9ygySuKzNKByqOzzMufBoovXVnfPw@mail.gmail.com>
 <CACdnJuv-VpdhjEe1cMysdHb6Oy67jQqg-_TVHbUrOfH9GmCVvg@mail.gmail.com>
 <CA+55aFwvuoSHhKnn82VnDndZ6oXMJgwHF604gZ=h3ehHyC600A@mail.gmail.com>
 <CA+55aFzJ2sQR13T+20MKEJ5co-f3Ev8rRxQkRCWVaeDSUU3yhQ@mail.gmail.com>
 <CACdnJuti5Riqoi1sesqPALYHq9LT87o4MFj-0Y5BZqqzJ5579g@mail.gmail.com>
 <CA+55aFwhi=gz3HLoGST9--n1_kLJNP6jsf8GSesSFxTDCdPdtQ@mail.gmail.com> <CAFbkSA0ursG3RGWU19LQiD6u30h5V=Aqj3oVyHQCiX6MLopYUg@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Tue, 3 Apr 2018 18:58:03 -0700
X-Google-Sender-Auth: SwEPnjFBhkDS4mBJUdknFg354rI
Message-ID: <CA+55aFwGmbNCjHpXHhtMWLobVkX=eq6_xEg=42jQ+M-EK4Tq2g@mail.gmail.com>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To:     Justin Forbes <jforbes@redhat.com>
Cc:     Matthew Garrett <mjg59@google.com>,
        Andrew Lutomirski <luto@kernel.org>,
        David Howells <dhowells@redhat.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        James Morris <jmorris@namei.org>,
        Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-man <linux-man@vger.kernel.org>, joeyli <jlee@suse.com>,
        LSM List <linux-security-module@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>,
        linux-efi <linux-efi@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 3, 2018 at 6:30 PM, Justin Forbes <jforbes@redhat.com> wrote:
>>
>> If there actually was a good explanation for the tie-in, it should
>> have been front-and-center and explained as such.
>>
> Honestly, yes, the major distros have been shipping this patch set for years
> now, and every time it comes to upstream, the same damn arguments emerge.

Well, I think it's because the explanations have been bogus.

Just look at this thread. It took closer to a hundred emails (ok, so
I'm exaggerating, but not _that_ much) until the *real* reason for the
tie-in was actually exposed.

For the first 50+ emails, the explanation was "oh, only if you do
secure boot does this make sense".

Which is still pure BULLSHIT. Of _course_ that kind of stuff raises
peoples hackles and makes people not trust the messenger - he's
clearly being evasive and there must be something else going on.

So instead of the bullshit explanations, just explain the purely
_practical_ side.

Because I find it a *lot* more convincing to hear:

   "We'd like to just enable it all the time, but it's known to break
    some unusual hardware cases that we can't fix in software, and we
    wanted *some* way to disable it that requires explicit and verified
    user intervention to do that, and disabling secure boot is the
    easiest hack we could come up with".

See? No bullshit. Just straight talk about the *actual* reason why
people decided on this particular tie-in, and admitting that it's a
hack, but also clearly stating the reason for the hack.

Now, I still don't necessarily agree that it's the best possible
option, but when stated in those terms I at least understand why that
option was picked as a reasonable one, and it changes the discussion a
lot, and (at least for me) makes it much more palatable.

Because as long as the explanation is just some "you must use secure
boot or you've already lost and further security is pointless"
hocus-pocus magical thinking, I immediately go "no, that sounds
completely bogus, and it makes testing and coverage much worse, we've
done other things quite like that without this secure boot tie-in".

             Linus