From: Andy Lutomirski
Date: Wed, 4 Apr 2018 07:49:12 -0700
Subject: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)
To: Greg Kroah-Hartman
Cc: "Theodore Y. Ts'o", Matthew Garrett, Linus Torvalds, Andrew Lutomirski, David Howells, Ard Biesheuvel, James Morris, Alan Cox, Linux Kernel Mailing List, Justin Forbes, linux-man, joeyli, LSM List, Linux API, Kees Cook, linux-efi
X-Mailing-List: linux-kernel@vger.kernel.org

Since this thread has devolved horribly, I'm going to propose a solution.

1. Split the "lockdown" state into three levels: (please don't bikeshed
about the names right now.)

   LOCKDOWN_NONE: normal behavior
   LOCKDOWN_PROTECT_INTEGRITY: kernel tries to keep root from writing to
   kernel memory
   LOCKDOWN_PROTECT_INTEGRITY_AND_SECRECY: kernel tries to keep root from
   reading or writing kernel memory.

2. The kexec protocol gets a new flag min_lockdown_level. A kexeced
kernel will boot with at least that lockdown level regardless of its
configuration. kexec sets min_lockdown_level to the running kernel's
lockdown_level. Some future API could allow kexec with a higher
min_lockdown_level. An even fancier future API could allow a
LOCKDOWN_PROTECT_INTEGRITY_AND_SECRECY kernel to kexec with
min_lockdown_level == LOCKDOWN_PROTECT_INTEGRITY if there's some
mechanism that guarantees that memory gets zeroed in the process.

3. All the bpf and tracing stuff, etc, gets changed so it only takes
effect when LOCKDOWN_PROTECT_INTEGRITY_AND_SECRECY is set. This removes
a giant annoyance on distro kernels that are likely to want to enable
LOCKDOWN_PROTECT_INTEGRITY. If you load a key into the kernel, and you
want to keep that key safe, you can enable
LOCKDOWN_PROTECT_INTEGRITY_AND_SECRECY at that time. After all, if root
is compromised before that, root can just remember a copy of the key in
user memory or email it to someone.

4. There's a kernel config option for the default lockdown level. This
operates completely independently of secure boot.

5. There's a command line option to increase the lockdown level above
the default level. No particular authentication is needed for this
option to work.

6. There's a way to *decrease* the lockdown level below the configured
value. (This ability itself may be gated by a config option.) Choices
include a UEFI protected variable, an authenticated flag passed by the
bootloader, and even just some special flag in the boot handoff
protocol. It would be really quite useful for a user to be able to ask
their bootloader to reduce the lockdown level for the purpose of a
particular boot for debugging. I read the docs on mokutil
--disable-validation, and it's quite messy. Let's have a way to do this
that is mostly independent of the particular firmware in use. I can
imagine a grub option that decreases lockdown level along with a rule
that grub will *not* load that option from its config, for example.

7. kexec does not attempt to think about "secure boot" at all. They're
totally separate.

What do you all think? I think that this checks basically all the
boxes, is a lot more user friendly than the current patchset or what
distros do, and actually makes some sense from a security perspective.

--Andy
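As an added illustration that is not part of Andy's mail or of the kernel's lockdown code, the following C models the level rules in items 1 through 6 above (configured default, unauthenticated raise, authenticated lower, kexec floor, runtime raise, and which operations each level blocks); every struct and function name here is hypothetical:

```c
#include <stdbool.h>

/* The three levels from item 1; a higher value is stricter. */
enum lockdown_level {
    LOCKDOWN_NONE = 0,
    LOCKDOWN_PROTECT_INTEGRITY = 1,
    LOCKDOWN_PROTECT_INTEGRITY_AND_SECRECY = 2,
};

/* Hypothetical early-boot inputs; -1 means "not supplied". */
struct boot_lockdown_inputs {
    enum lockdown_level config_default; /* item 4: Kconfig default */
    int cmdline_level;                  /* item 5: unauthenticated raise */
    int authenticated_level;            /* item 6: trusted request to lower */
    int kexec_min_level;                /* item 2: floor from the kexecing kernel */
};

/* Boot-time level: only the authenticated input may go below the configured
 * default, the command line may only raise it, and a kexec floor is never undercut. */
enum lockdown_level boot_lockdown_level(const struct boot_lockdown_inputs *in)
{
    int level = in->config_default;
    if (in->authenticated_level >= 0 && in->authenticated_level < level)
        level = in->authenticated_level;                           /* item 6 */
    if (in->cmdline_level > level) level = in->cmdline_level;      /* item 5 */
    if (in->kexec_min_level > level) level = in->kexec_min_level;  /* item 2 */
    return (enum lockdown_level)level;
}

/* Runtime change, e.g. raising to SECRECY after loading a key (item 3):
 * raising is allowed, lowering is not. */
bool lockdown_runtime_change_allowed(enum lockdown_level cur, enum lockdown_level target)
{
    return target >= cur;
}

/* Item 2: min_lockdown_level handed to a kexeced kernel, or -1 if the request
 * is refused. Dropping SECRECY to INTEGRITY needs a memory-zeroing guarantee. */
int kexec_min_lockdown_level(enum lockdown_level running, enum lockdown_level requested, bool memory_zeroed)
{
    if (requested >= running)
        return requested;
    if (running == LOCKDOWN_PROTECT_INTEGRITY_AND_SECRECY &&
        requested == LOCKDOWN_PROTECT_INTEGRITY && memory_zeroed)
        return requested;
    return -1;
}

/* Item 3: what each level restricts; bpf/tracing reads are only blocked at SECRECY. */
bool lockdown_blocks_kernel_write(enum lockdown_level l) { return l >= LOCKDOWN_PROTECT_INTEGRITY; }
bool lockdown_blocks_kernel_read(enum lockdown_level l) { return l >= LOCKDOWN_PROTECT_INTEGRITY_AND_SECRECY; }
```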