From: David Howells
To: "Theodore Y. Ts'o"
Cc: dhowells@redhat.com, Matthew Garrett, Linus Torvalds, luto@kernel.org, Ard Biesheuvel, jmorris@namei.org, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, linux-api@vger.kernel.org, Kees Cook, linux-efi
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
Date: Wed, 04 Apr 2018 14:57:15 +0100
Message-ID: <27481.1522850235@warthog.procyon.org.uk>

Theodore Y. Ts'o wrote:

> > Lockdown mode restricts kexec to booting an authorised image (where the
> > authorisation may be by signature or by IMA).
>
> If that's true, then Matthew's assertion that lockdown w/o secure boot
> is insecure goes away, no?

No. Lockdown prevents the running kernel from being modified (or, at least,
that's the hope). But it doesn't do anything to prevent the kernel being
modified before lockdown is engaged. We are trying to use secureboot to
protect the system to the point that lockdown can take over.

David
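
Added example, not part of the original message or of the lockdown patch set: a shell check for the combination discussed above, where lockdown is engaged but Secure Boot is not there to protect the kernel before lockdown takes over. It assumes the mainline lockdown LSM file /sys/kernel/security/lockdown and the standard efivarfs SecureBoot variable; neither path appears in the thread, and the verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: is kernel lockdown backed by a verified boot chain?
# Paths are parameters so the functions can be run on constructed files.
# Assumed defaults (not from the thread): mainline securityfs and efivarfs paths.
LOCKDOWN_FILE=${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}
SB_VAR=${SB_VAR:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}

# Print the active lockdown mode, i.e. the bracketed word in a line such as
# "none [integrity] confidentiality". Prints "unknown" if the file is unreadable.
lockdown_mode() {
    [ -r "$1" ] || { echo unknown; return 0; }
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1" | head -n 1)
    echo "${mode:-unknown}"
}

# Print 1 or 0 for the SecureBoot EFI variable, "unknown" if absent or malformed.
# An efivarfs file holds 4 attribute bytes followed by the variable data (1 byte here).
secure_boot_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    val=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')
    case "$val" in
        1) echo 1 ;;
        0) echo 0 ;;
        *) echo unknown ;;
    esac
}

# Combine both facts. Lockdown with Secure Boot off or unknown means nothing
# vouches for the kernel image that was running before lockdown was engaged.
boot_chain_verdict() {
    ld=$(lockdown_mode "$1")
    sb=$(secure_boot_state "$2")
    case "$ld:$sb" in
        integrity:1|confidentiality:1) echo "locked-down-verified-boot" ;;
        integrity:*|confidentiality:*) echo "locked-down-unverified-boot" ;;
        none:*)                        echo "not-locked-down" ;;
        *)                             echo "unknown" ;;
    esac
}

boot_chain_verdict "$LOCKDOWN_FILE" "$SB_VAR"
```

Both values are reported by the running kernel, so the result is a configuration audit and not proof that the boot chain was actually verified.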