From: David Howells
Organization: Red Hat UK Ltd.
To: Andy Lutomirski
Cc: dhowells@redhat.com, Jann Horn, Linus Torvalds, Matthew Garrett, Ard Biesheuvel, James Morris, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, Justin Forbes, linux-man, joeyli, LSM List, Linux API, Kees Cook, linux-efi
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
Date: Wed, 04 Apr 2018 09:05:17 +0100
Message-ID: <20736.1522829117@warthog.procyon.org.uk>

Andy Lutomirski wrote:

> As far as I can tell, what's really going on here is that there's a
> significant contingent here that wants to prevent Linux from
> chainloading something that isn't Linux.

You have completely the wrong end of the stick. No one has said that or even
implied that. You are alleging dishonesty on our part.

What we *have* said is that *if* we want to pass the secure boot state across
kexec, then we have to make sure that:

 (1) no one tampers with the intermediate kernel between boot and kexec
     otherwise the secure boot state is effectively invalidated, and

 (2) the image that gets kexec'ed is trusted.

Remember: you cannot know (2) if you don't have (1).

And if someone tampers with the aim of breaking, say, Windows, then someone,
e.g. Microsoft, might blacklist the shim.

David