Message-ID: <1522848543.30109.3.camel@gmx.de>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
From: Mike Galbraith
To: "Theodore Y. Ts'o", Matthew Garrett
Cc: Linus Torvalds, luto@kernel.org, David Howells, Ard Biesheuvel, jmorris@namei.org, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, linux-api@vger.kernel.org, Kees Cook, linux-efi
Date: Wed, 04 Apr 2018 15:29:03 +0200
In-Reply-To: <20180404125743.GB16242@thunk.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2018-04-04 at 08:57 -0400, Theodore Y.
Ts'o wrote:
> On Wed, Apr 04, 2018 at 04:30:18AM +0000, Matthew Garrett wrote:
> > What I'm afraid of is this turning into a "security" feature that ends up
> > being circumvented in most scenarios where it's currently deployed - eg,
> > module signatures are mostly worthless in the non-lockdown case because you
> > can just grab the sig_enforce symbol address and then kexec a preamble that
> > flips it back to N regardless of the kernel config.
>
> Whoa. Why doesn't lockdown prevent kexec? Put another way, why
> isn't this a problem for people who are fearful that Linux could be
> used as part of a Windows boot virus in a Secure UEFI context?
>
> If lockdown simply included a requirement for a signed kernel for
> kexec --- and if kernel signing isn't available, to simply not allow
> kexec, wouldn't that take care of this case?
>
> This wouldn't even be all that much of a burden for non-distro users
> with lockdown enabled, since in my experience outside of enterprise
> and data center use cases, kexec isn't used...

Lots of folks use kdump, ergo kexec.

-Mike