From: Matthew Garrett
Date: Wed, 04 Apr 2018 16:20:43 +0000
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: tytso@mit.edu, Linus Torvalds, luto@kernel.org, David Howells, Ard Biesheuvel, jmorris@namei.org, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, linux-api@vger.kernel.org, Kees Cook, linux-efi
In-Reply-To: <20180404125743.GB16242@thunk.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 4, 2018 at 5:57 AM Theodore Y. Ts'o wrote:

> On Wed, Apr 04, 2018 at 04:30:18AM +0000, Matthew Garrett wrote:
> > What I'm afraid of is this turning into a "security" feature that ends up
> > being circumvented in most scenarios where it's currently deployed - eg,
> > module signatures are mostly worthless in the non-lockdown case because you
> > can just grab the sig_enforce symbol address and then kexec a preamble that
> > flips it back to N regardless of the kernel config.

> Whoa. Why doesn't lockdown prevent kexec? Put another way, why
> isn't this a problem for people who are fearful that Linux could be
> used as part of a Windows boot virus in a Secure UEFI context?

It does - I was talking about the non-lockdown case.
In the lockdown case you can only kexec images you trust, so there's no problem. Red Hat have been shipping a signed kdump image for years.
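
An added example, not part of the original message: a defender's audit of the condition discussed above, reporting whether module signature enforcement is backed by lockdown or by a disabled kexec path. The function name, the status words and the optional ROOT argument are hypothetical; the `/sys/kernel/security/lockdown` file is assumed to be the one exposed by later mainline kernels and is not named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). kexec_audit [ROOT]
# ROOT is a hypothetical prefix so the check can run against a constructed
# tree; with no argument the running system's /proc and /sys are read.

read_first() {
    # Print the file's contents, or "absent" when it cannot be read.
    if [ -r "$1" ]; then cat "$1"; else echo absent; fi
}

kexec_audit() {
    root="${1:-}"
    sig=$(read_first "$root/sys/module/module/parameters/sig_enforce")
    kdis=$(read_first "$root/proc/sys/kernel/kexec_load_disabled")
    lock=$(read_first "$root/sys/kernel/security/lockdown")

    # The active lockdown mode is the bracketed word,
    # e.g. "none [integrity] confidentiality".
    case "$lock" in
        *"[integrity]"*|*"[confidentiality]"*) locked=1 ;;
        *) locked=0 ;;
    esac

    if [ "$sig" != "Y" ]; then
        echo "UNENFORCED: module signatures are not enforced (sig_enforce=$sig)"
    elif [ "$locked" -eq 1 ]; then
        echo "LOCKDOWN: enforcement on and kexec limited to trusted images"
    elif [ "$kdis" = "1" ]; then
        # Only the kexec path is closed; other root-to-kernel paths are not checked.
        echo "KEXEC-DISABLED: enforcement on, kexec syscalls disabled, no lockdown"
    else
        echo "BYPASSABLE: sig_enforce=Y but root can still kexec an unverified image"
    fi
}
```

Call `kexec_audit` with no argument to check the running host; only the BYPASSABLE result corresponds to the non-lockdown case described in the message.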