Received: by 10.213.65.68 with SMTP id h4csp762115imn; Wed, 4 Apr 2018 06:54:30 -0700 (PDT) X-Google-Smtp-Source: AIpwx49Wh/wO7aeGJAczg/aKz+HJEwC+IJHNhTeeBLuVMUTg/6saCx/z2J6Mv5QPYye8wX8fC1qX X-Received: by 10.98.76.68 with SMTP id z65mr14070619pfa.181.1522850070221; Wed, 04 Apr 2018 06:54:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522850070; cv=none; d=google.com; s=arc-20160816; b=MC6qy8TU4PE63MutFgCASJGdsbHLLbgzsQ+qd85eAYfaW96SD3CzMBBdoKy1NEjrgC w3HxPhP9a/tgSVwBe9JZ7PYP4Lr+AoKwSXZHQLSklWT6UDKfTqSLhKRjlead/Ycq3LNF bcfQ8fT7N6p1d+K1uHN3QiMSEpelOksdVXw6DLg7VIEdZHtS2Ez6cFPaEtc0U0iwnAmc kjujtF71kskcyqs/0By+BOrn6GA062zuudLSgQrCfCKlgpoXzhhJXi8m6AEqoF4M3SMK oitGfe43pKq01LKZ6uWpvGlNHXfMOjb6HQbc+RMn4obeC4EN6xDoXgClcIRVpI7ScIHL wuYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature :arc-authentication-results; bh=mHeBreTZ4jzpu5BHvlF6d0J682kUa4VmwEtyzc4Wrtw=; b=SeM/ZpzqKgnerBDjVZ36+1jx1jfXfrzRDzbSAvWJrmyAXxqMeoTLTRfxwFTVjO3g/g +MB+koAuHY3ouDxAZw7849ffyywhjgm5N3otFUhbRexMpe7Mv/Gpi6qJqlBxSAviRfen g8qhQejZfSzc6WqS7WveQh809gWz+mPT1iD/6kUASUkq78eeAblpihjkJcquT56WESP1 jGWt2kXLAJA5dvzokatKKoLu8iZd8213HRfx8CFw9iqLcO10HJ4yf/Qoda0tfBavcPV5 Z4fPri5OSigob2jxkleuIPg7W8GBoa30k1EOUmebPNNwmBKvkuiuiqevNX4PXSMr+7y4 ms5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=d24EDXDu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t23-v6si3019841ply.445.2018.04.04.06.54.16; Wed, 04 Apr 2018 06:54:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=d24EDXDu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751326AbeDDNxB (ORCPT + 99 others); Wed, 4 Apr 2018 09:53:01 -0400 Received: from imap.thunk.org ([74.207.234.97]:60532 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751117AbeDDNw6 (ORCPT ); Wed, 4 Apr 2018 09:52:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=mHeBreTZ4jzpu5BHvlF6d0J682kUa4VmwEtyzc4Wrtw=; b=d24EDXDuOXCLhRAeEpUSc5bJOB MRpXQHYvK35PlCOKR0k8YqcUgzSkUEeaHWz3FyVaQuIWvlm+GOKtF755W9speztc4dxamvJwVLq7y h7Zd5Z5RWydmxsAWs5Q+IYZss2rFt77735WO7w+GkJB+jPQQg8IgMW1JGbpx7liPzFLA=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1f3iqK-0003KN-0M; Wed, 04 Apr 2018 13:52:52 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id 51E667A2DEA; Wed, 4 Apr 2018 09:52:51 -0400 (EDT) Date: Wed, 4 Apr 2018 09:52:51 -0400 From: "Theodore Y. Ts'o" To: David Howells Cc: Matthew Garrett , Linus Torvalds , luto@kernel.org, Ard Biesheuvel , jmorris@namei.org, Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List , linux-api@vger.kernel.org, Kees Cook , linux-efi Subject: Re: [GIT PULL] Kernel lockdown for secure boot Message-ID: <20180404135251.GD16242@thunk.org> Mail-Followup-To: "Theodore Y. Ts'o" , David Howells , Matthew Garrett , Linus Torvalds , luto@kernel.org, Ard Biesheuvel , jmorris@namei.org, Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List , linux-api@vger.kernel.org, Kees Cook , linux-efi References: <24353.1522848817@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <24353.1522848817@warthog.procyon.org.uk> User-Agent: Mutt/1.9.4 (2018-02-28) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 04, 2018 at 02:33:37PM +0100, David Howells wrote: > Theodore Y. Ts'o wrote: > > > Whoa. Why doesn't lockdown prevent kexec? Put another away, why > > isn't this a problem for people who are fearful that Linux could be > > used as part of a Windows boot virus in a Secure UEFI context? > > Lockdown mode restricts kexec to booting an authorised image (where the > authorisation may be by signature or by IMA). If that's true, then Matthew's assertion that lockdown w/o secure boot is insecure goes away, no? - Ted