From: Matthew Garrett
Date: Wed, 04 Apr 2018 16:26:43 +0000
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: oiaohm@gmail.com
Cc: Linus Torvalds, luto@kernel.org, David Howells, Ard Biesheuvel, jmorris@namei.org, Alan Cox, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, linux-api@vger.kernel.org, Kees Cook, linux-efi
X-Mailing-List: linux-kernel@vger.kernel.org
References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk>

On Tue, Apr 3, 2018 at 11:56 PM Peter Dolding wrote:
> On Wed, Apr 4, 2018 at 11:13 AM, Matthew Garrett wrote:
> > There are four cases:
> >
> > Verified Boot off, lockdown off: Status quo in distro and mainline kernels
> > Verified Boot off, lockdown on: Perception of security improvement that's
> > trivially circumvented (and so bad)
> > Verified Boot on, lockdown off: Perception of security improvement that's
> > trivially circumvented (and so bad), status quo in mainline kernels
> > Verified Boot on, lockdown on: Security improvement, status quo in distro
> > kernels
> >
> > Of these four options, only two make sense. The most common implementation
> > of Verified Boot on x86 platforms is UEFI Secure Boot,
>
> Stop right there. Verified boot does not have to be UEFI secureboot.
> You could be using a uboot verified boot or
> https://www.coreboot.org/git-docs/Intel/vboot.html google vboot.
> Neither of these provides flags to the kernel to say they have been
> performed.

They can be modified to set the appropriate bit in the bootparams - the
reason we can't do that in the UEFI case is that Linux can be built as a
UEFI binary that the firmware executes directly, and so the firmware has
no way to set that flag.

> Now Verified Boot on, lockdown off. Insanely, this can be required in
> diagnostics on some embedded platforms because EFI secureboot does not
> have an off switch. These are platforms where they don't boot if
> they don't have a PK and KEK set installed. Yes, some of these have the
> PK and KEK set JTAGed in.
> The fact that this Verified Boot on, lockdown off causes trouble
> points to a clear problem. The user owns the hardware; they should have
> the right to defeat secureboot if they wish to.

Which is why Shim allows you to disable validation if you prove physical
user presence.
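The exchange above turns on one mechanism: a bootloader that performed verified boot records that fact in the kernel's boot parameters, and the kernel only engages lockdown when that report is present and lockdown is configured. The following C model, added here as an example and not code from the thread or from the kernel, shows that flow for the two paths discussed: a uboot/vboot-style loader that fills the field itself, and a kernel executed directly by UEFI firmware, where no loader can fill it and the kernel has to query the firmware instead (modelled as a callback). The struct `toy_boot_params`, the function names and the `firmware_query_fn` callback are this example's own simplifications; the `SB_*` values follow the kernel's `efi_secureboot_mode` enum as an assumption, not a copy of its ABI.

```c
/* Added example: simplified model of verified-boot reporting and the kernel's
 * lockdown decision. Names and layout are this example's own, not the kernel's. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed to mirror the kernel's efi_secureboot_mode ordering. */
enum secureboot_mode {
    SB_UNSET = 0,    /* nobody has reported anything yet */
    SB_UNKNOWN = 1,  /* queried, but the platform could not answer */
    SB_DISABLED = 2, /* verified boot was off */
    SB_ENABLED = 3,  /* verified boot was on */
};

/* Toy stand-in for the boot_params block: only the one field the model needs. */
struct toy_boot_params {
    uint8_t secure_boot;
};

/* Bootloader side (uboot / vboot style): the loader verified the image itself
 * and records the outcome before jumping into the kernel. */
void loader_report_verified_boot(struct toy_boot_params *bp, bool verified)
{
    bp->secure_boot = verified ? SB_ENABLED : SB_DISABLED;
}

/* Kernel side, firmware-executed path: there was no loader, so the kernel asks
 * the firmware. The query is a callback (hypothetical) returning 1 for secure,
 * 0 for not secure, and -1 when the platform cannot say. */
typedef int (*firmware_query_fn)(void);

void kernel_efi_stub_fill(struct toy_boot_params *bp, firmware_query_fn query)
{
    if (bp->secure_boot != SB_UNSET)
        return; /* a loader already reported; keep its answer */
    int state = query();
    if (state < 0)
        bp->secure_boot = SB_UNKNOWN;
    else
        bp->secure_boot = state ? SB_ENABLED : SB_DISABLED;
}

/* Kernel side: lockdown engages only when configured AND the boot chain
 * positively reports verified boot. Unknown or unset counts as not verified,
 * so the "perception only" combinations from the thread never lock down. */
bool kernel_should_lock_down(const struct toy_boot_params *bp, bool lockdown_configured)
{
    return lockdown_configured && bp->secure_boot == SB_ENABLED;
}

/* Constructed firmware answers for the demonstration. */
int fw_says_secure(void) { return 1; }
int fw_says_insecure(void) { return 0; }
int fw_cannot_say(void) { return -1; }

/* One complete scenario per boot path, returning the lockdown decision. */
bool scenario_loader(bool verified, bool lockdown_configured)
{
    struct toy_boot_params bp = {0};
    loader_report_verified_boot(&bp, verified);
    return kernel_should_lock_down(&bp, lockdown_configured);
}

bool scenario_efi(firmware_query_fn query, bool lockdown_configured)
{
    struct toy_boot_params bp = {0};
    kernel_efi_stub_fill(&bp, query);
    return kernel_should_lock_down(&bp, lockdown_configured);
}

int main(void)
{
    printf("vboot loader, verified, lockdown on : %s\n",
           scenario_loader(true, true) ? "locked down" : "not locked down");
    printf("vboot loader, verified, lockdown off: %s\n",
           scenario_loader(true, false) ? "locked down" : "not locked down");
    printf("direct EFI boot, firmware secure    : %s\n",
           scenario_efi(fw_says_secure, true) ? "locked down" : "not locked down");
    printf("direct EFI boot, firmware unknown   : %s\n",
           scenario_efi(fw_cannot_say, true) ? "locked down" : "not locked down");
    return 0;
}
```

The design point is in `kernel_should_lock_down`: an unset or unknown report is treated as "not verified", so a loader that silently fails to fill the field degrades to the status-quo case rather than to a false claim of protection.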