From: Linus Torvalds
Date: Tue, 3 Apr 2018 18:58:03 -0700
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: Justin Forbes
Cc: Matthew Garrett, Andrew Lutomirski, David Howells, Ard Biesheuvel, James Morris, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, linux-man, joeyli, LSM List, Linux API, Kees Cook, linux-efi
References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 3, 2018 at 6:30 PM, Justin Forbes wrote:
>>
>> If there actually was a good explanation for the tie-in, it should
>> have been front-and-center and explained as such.
>>
> Honestly, yes, the major distros have been shipping this patch set for years
> now, and every time it comes to upstream, the same damn arguments emerge.

Well, I think it's because the explanations have been bogus.

Just look at this thread. It took closer to a hundred emails (ok, so
I'm exaggerating, but not _that_ much) until the *real* reason for the
tie-in was actually exposed.

For the first 50+ emails, the explanation was "oh, only if you do
secure boot does this make sense".

Which is still pure BULLSHIT. Of _course_ that kind of stuff raises
people's hackles and makes people not trust the messenger - he's clearly
being evasive and there must be something else going on.

So instead of the bullshit explanations, just explain the purely
_practical_ side. Because I find it a *lot* more convincing to hear:

  "We'd like to just enable it all the time, but it's known to break
   some unusual hardware cases that we can't fix in software, and we
   wanted *some* way to disable it that requires explicit and verified
   user intervention to do that, and disabling secure boot is the
   easiest hack we could come up with".

See? No bullshit. Just straight talk about the *actual* reason why
people decided on this particular tie-in, and admitting that it's a
hack, but also clearly stating the reason for the hack.

Now, I still don't necessarily agree that it's the best possible
option, but when stated in those terms I at least understand why that
option was picked as a reasonable one, and it changes the discussion a
lot, and (at least for me) makes it much more palatable.

Because as long as the explanation is just some "you must use secure
boot or you've already lost and further security is pointless"
hocus-pocus magical thinking, I immediately go "no, that sounds
completely bogus, and it makes testing and coverage much worse, we've
done other things quite like that without this secure boot tie-in".

Linus