From: Matthew Garrett
Date: Wed, 04 Apr 2018 16:17:55 +0000
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: Linus Torvalds
Cc: luto@kernel.org, David Howells, Ard Biesheuvel, jmorris@namei.org, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, linux-api@vger.kernel.org, Kees Cook, linux-efi
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 4, 2018 at 9:09 AM Linus Torvalds wrote:

> On Tue, Apr 3, 2018 at 9:30 PM, Matthew Garrett wrote:
> >
> > Bear in mind that I'm talking about defaults here
> Matthew, I really want you to look yourself in the mirror.
> Those defaults are really horrible defaults for real technical reasons.
> You asked me why when I questioned this, but then when I replied, you
> entirely ignored it.
> So let me repeat: the defaults are *horrible*. They are horrible for a
> very simple reason: kernel behavior changes that depend on some subtle
> boot difference are truly nasty to debug, and nasty to get coverage
> for.

They're the defaults that the mainline distros have been shipping for years. So what are you actually asking for here?

If you're saying that it should be possible to enable the lockdown functionality even in the absence of any kind of verified boot, then yes, I agree - I just think it makes a poor distro default to have that be the case out of the box.

If you're saying that it should be possible to disable the lockdown functionality even in the presence of any kind of verified boot, then yes, I agree - I just think it makes a poor distro default to have that be the case out of the box.

You're arguing against a patch that provides the default policy that distros want to ship.