Received: by 10.213.65.68 with SMTP id h4csp498448imn; Wed, 4 Apr 2018 02:06:13 -0700 (PDT) X-Google-Smtp-Source: AIpwx4962ZaMXPpkKjLErAPT2BhyPasD+SpV/QFWqIRCqpg5OZ2yYhO1qXaF1yDq3o5jMxHtyn0m X-Received: by 10.101.100.212 with SMTP id t20mr11733656pgv.112.1522832773874; Wed, 04 Apr 2018 02:06:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522832773; cv=none; d=google.com; s=arc-20160816; b=MdQKwkXMQ/5YQh66MxZBSSzzn7vPmVVADoqGcKAFxR/+GLQK04ejNYqGWD7ZvLbIJN 7ZC/ZeXrjjv3jV80aUWKvsFOeYhqftckRI4SwjRNLYiXMpxhLBf4qO0Nz1JZznmqGGWx 2Y6/lVwC9eAbkL2P5woRl2DsQ55Vl9G+bPpRHYWwpB4VS69rNrk6HEAC6KWoniompAgQ dLnGIT5z6TLDrPM9G14AtDn26GvZUvUBCEhO+6Gqfw/AdQ5KypVE+15E818hHfPuFrtP ZDptrogvYI0iY/sQC7EdzOReu2IdJb2N3vuMT/ssfdS/zGmxH5JlT0EbpDAGxmZ+yjnE 4yAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=DItT7P53UFX7WaHCh38f27aYr9wOMzmLe4x3HaL2Z6I=; b=FMUAlihz5DROBnvV3+NstBpbYkCbMHPXfYLEGxi7pGP4oRJ0hiYnbCeqm+gf05bdI8 t14PL6zrRRahMVXqT+MwfzcE/vlWvLO/fcrRP10ydvvmiIGZVoInDrZY3oW4UdllNAMx ipEQdVwWH+IZRqMzZaOk3L1PHqxCRF0YUxCCSnYbAynpPErq7u8DDjldioVNhV1XjIy1 JPazaTMi0BdLIXPJEFx83upBh1Nh67CdDaOqfT1VYn/FlmCyC8c34J5B+091E5LCvHG/ ZgW4KGBx4d3O5aZsGtXOGo/QvLQ/RP+pl1dX2q4aSLs00maI8Hba2oQ0hi/lYtTzv2py tf2w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 91-v6si2764530plf.78.2018.04.04.02.06.00; Wed, 04 Apr 2018 02:06:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751516AbeDDJEq (ORCPT + 99 others); Wed, 4 Apr 2018 05:04:46 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:55414 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751413AbeDDJEm (ORCPT ); Wed, 4 Apr 2018 05:04:42 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id C3BA042B; Wed, 4 Apr 2018 09:04:40 +0000 (UTC) Date: Wed, 4 Apr 2018 11:04:40 +0200 From: Greg Kroah-Hartman To: Matthew Garrett Cc: luto@kernel.org, Linus Torvalds , David Howells , Ard Biesheuvel , jmorris@namei.org, Alan Cox , Linux Kernel Mailing List , jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List , linux-api@vger.kernel.org, Kees Cook , linux-efi Subject: Re: [GIT PULL] Kernel lockdown for secure boot Message-ID: <20180404090440.GA24169@kroah.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 04, 2018 at 12:19:35AM +0000, Matthew Garrett wrote: > On Tue, Apr 3, 2018 at 5:18 PM Andy Lutomirski wrote: > > > if your secure boot-enabled bootloader can't prevent a bad guy from > > using malicious kernel command line parameters, then fix it. > > How is a bootloader supposed to know what the set of malicious kernel > command line parameters is? It wouldn't, it, if it really were "secure", would not allow any command line parameters to be changed. Which is exactly what those bootloaders who "claim" to be secure do. And, just to butt in here, there is no requirement that I have ever heard of from anyone at UEFI or Microsoft that this type of "kernel feature" is a requirement to allow for a bootloader/kernel to be signed with their key. So that should take the "politics" reason off the table here, if people thought that somehow it was even a viable reason... thanks, greg k-h