From: Matthew Garrett
Date: Wed, 04 Apr 2018 20:18:38 +0000
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
To: tglx@linutronix.de
Cc: pjones@redhat.com, luto@kernel.org, David Howells, Ard Biesheuvel, jmorris@namei.org, Alan Cox, Linus Torvalds, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List, linux-api@vger.kernel.org, Kees Cook, linux-efi
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 4, 2018 at 1:01 PM Thomas Gleixner wrote:

> Now where the disagreement lies is the way how the uid/ring0 aspect is tied
> to secure boot, which makes it impossible to be useful independent of
> Secure Boot.

It doesn't - you can pass a command line parameter that enables it, or your bootloader can set the bootparams flag. I don't see a fundamental problem with offering the opportunity to change it at runtime, other than that some stuff that was previously initialised may have to be torn down.

The reason for having the UEFI boot stub *optionally* check the secure boot state itself and make a policy decision (rather than having the signed bootloader do so) is because the kernel can be launched directly by the firmware.