From: Matthew Garrett
Date: Wed, 04 Apr 2018 16:22:06 +0000
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: tytso@mit.edu, David Howells, Linus Torvalds, luto@kernel.org, Ard Biesheuvel, jmorris@namei.org, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, linux-api@vger.kernel.org, Kees Cook, linux-efi
References: <24353.1522848817@warthog.procyon.org.uk> <20180404135251.GD16242@thunk.org>
In-Reply-To: <20180404135251.GD16242@thunk.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 4, 2018 at 6:52 AM Theodore Y. Ts'o wrote:

> On Wed, Apr 04, 2018 at 02:33:37PM +0100, David Howells wrote:
> > Theodore Y. Ts'o wrote:
> >
> > > Whoa. Why doesn't lockdown prevent kexec? Put another way, why
> > > isn't this a problem for people who are fearful that Linux could be
> > > used as part of a Windows boot virus in a Secure UEFI context?
> >
> > Lockdown mode restricts kexec to booting an authorised image (where the
> > authorisation may be by signature or by IMA).

> If that's true, then Matthew's assertion that lockdown w/o secure boot
> is insecure goes away, no?

If you don't have secure boot then an attacker with root can modify your
bootloader or kernel, and on next boot lockdown can be silently disabled.
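
Added example, not part of the original message or of the lockdown patch set: a shell check that reports whether a running kernel's lockdown mode is backed by UEFI Secure Boot, the dependency the reply above describes. It assumes the interfaces of later mainline kernels (`/sys/kernel/security/lockdown` and the efivarfs `SecureBoot` variable), which this thread does not name; the verdict labels are invented for the example.

```shell
#!/bin/sh
# Added example. Paths assume a mainline kernel with securityfs and efivarfs
# mounted; the 2018 patch set discussed in the thread predates this interface.
LOCKDOWN_FILE=/sys/kernel/security/lockdown
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the active mode, e.g. "integrity" from "none [integrity] confidentiality".
lockdown_mode() {
    if [ -r "$1" ]; then
        mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1")
        echo "${mode:-unknown}"
    else
        echo unsupported
    fi
}

# Print on/off/unknown. An efivarfs file is 4 attribute bytes, then the value.
secure_boot_state() {
    if [ -r "$1" ]; then
        val=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')
        case "$val" in
            1) echo on ;;
            0) echo off ;;
            *) echo unknown ;;
        esac
    else
        echo unknown
    fi
}

# Verdict labels (hypothetical names for this example):
#   ANCHORED    lockdown active and Secure Boot on (necessary, not sufficient:
#               the bootloader must still verify the kernel it loads)
#   UNANCHORED  lockdown active, Secure Boot off or not provable, so a modified
#               bootloader or kernel can boot without lockdown next time
assess_lockdown() {
    mode=$(lockdown_mode "$1")
    sb=$(secure_boot_state "$2")
    case "$mode:$sb" in
        none:*)                  echo NO-LOCKDOWN ;;
        unsupported:*|unknown:*) echo UNKNOWN ;;
        *:on)                    echo ANCHORED ;;
        *)                       echo UNANCHORED ;;
    esac
}

echo "lockdown=$(lockdown_mode "$LOCKDOWN_FILE")" \
     "secureboot=$(secure_boot_state "$SB_VAR")" \
     "verdict=$(assess_lockdown "$LOCKDOWN_FILE" "$SB_VAR")"
```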