Received: by 10.213.65.68 with SMTP id h4csp1314968imn; Wed, 4 Apr 2018 17:07:32 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/Ob0bhZ0U3C8kmHyXGfY6fBZe4XomtflrPAiG/0/XvwrRlY5DVn/XRaLR4qTQYJuATbWRa X-Received: by 2002:a17:902:b789:: with SMTP id e9-v6mr15078793pls.246.1522886852137; Wed, 04 Apr 2018 17:07:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522886852; cv=none; d=google.com; s=arc-20160816; b=M+uE2mtp/oK+D9N46ZGaQriI8o9PP3Km/geWpS04rJXuv7fK/HFvGy1i9Z0mjCMXVV cBDnvZedldruBOVLuSKEqU7G5mDWg2yYOwtxdKG1YGKTPk2omIN8C2SQwbzF6IEmgmMI vJj7HfxXgYjOs6w2QeAqxvFetoOj8YKxcyNwlxNYD2vwvd7mrRqCW7E0/11HDlAlM5yG mvl1AdgUCGdHQIRAgT1hmwJ77CWQBFZTVCZY7ZO7CyXaHM5efy1eTDjLo/54yEYmhy9w yJSHOOlyPM7hHIgr9ZXeGur7K1VAlwE7H6FEj8U36JEBcq8EnnOIeIyuKj4OR84SyUgg kVUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=RG+rVwR9KGBm5thqi8+L/4QTvPn4GmvRZeJqV5G7RgM=; b=HwIBMd8BHANUeaxv6eYJwzzU4vc31GZIAD780q2A2/wsOAbNZyxgO//YLjxKz2p96Z /1F9AClcSS+PS5Lv/uZmkxdsvY9d3om5mGkxF+6z6r+okP+pSojn/U4YKHA6czgdA4W4 Sz26ird9+Yw+vBlPzJ+L/SllA2G3+qTONArp4185+7gLkS2MizJayJR/8S8WSBYSgGlm KfpQXu5RHHVjuZmI7l3vMJGp5KKakvbTbg+xh1Lm6f91Rm2bZdMYeVoXlhZZV5LrwMbU +k4h0AQQmkjdOUThWHejcG9DyOlQ3GqlZGQpT9+LKiramWNY1V9fzv/ISySz7EBDfE2q ff5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=b0vfQs+R; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b18si4268888pgu.116.2018.04.04.17.07.17; Wed, 04 Apr 2018 17:07:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=b0vfQs+R; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752718AbeDEAFu (ORCPT + 99 others); Wed, 4 Apr 2018 20:05:50 -0400 Received: from mail-wm0-f68.google.com ([74.125.82.68]:35563 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752311AbeDEAFs (ORCPT ); Wed, 4 Apr 2018 20:05:48 -0400 Received: by mail-wm0-f68.google.com with SMTP id r82so1837737wme.0; Wed, 04 Apr 2018 17:05:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RG+rVwR9KGBm5thqi8+L/4QTvPn4GmvRZeJqV5G7RgM=; b=b0vfQs+RWWmHVL3hJ1IUMn2qFq6WHy4dD9TTLsqQvIv4wAAH3xfvcqkqsAVybgwGcG qY2uyLvurDPKcMRGiNPuhxhvCRhzX/lU3vKNYYbRPyJeT5e4GSnqJfgJtgwpd/Y257Pj q3V32Bl33UW2Fk73SAXkYx7Ax2cxvZjuWHnyajZT2QXVC30VcD9ocPwT8C9dQRiMPGA0 o5Bdx1mIckQ3iZRBcDrcJbPpzZxifxBcs02vW5VhUiFlrNyAz5dOCZSMIsxR89V7vWnl +iZQmpmPGeS6P7sowB5sA/5XHrabKRRORSAj9S7ROACI4KrgwKC3hFV6Att2AfE2kDo8 lv2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RG+rVwR9KGBm5thqi8+L/4QTvPn4GmvRZeJqV5G7RgM=; b=Q4r2ibUv5+reQHGCOeFXF/+vB07UUya89nM0lNkFFc3F3tNNAb3auZlyOqWAKmOJ8g aAdvVMzpOXNookjDB04tcboQOt7YZ7SMwTUMSrrRDJHLjIu9RSJb0jxLDwdi6h3cMnVO c+pQjeWJ+UBH8qYuRTMLryabzcErqV58JK1SdOG06NXH9IENfuOKPiW6TbIXeF+sJ9Xb 6jLCCJrYnyc51T7P2Gu/TWsVrDOLM0ub+QG9qIdm10+qevTDmix5i8u1VMJdSG1lkKVd 8utbv+WgB6Vr3jF2gacg9537YPqa15f5ciJyPa8PKmeBQCrnrbGgmpP05jbcrhPTd1+g 8zeQ== X-Gm-Message-State: AElRT7GRw8aV5PvgVXQ0nqVPEUpKEaL1B4DQsQCpt3JignIexeFIeqKy iFshvUred5k/x2L5PR0wNjHPD4fLxNR69JPJOVU= X-Received: by 10.28.4.86 with SMTP id 83mr8101508wme.13.1522886746051; Wed, 04 Apr 2018 17:05:46 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.151.36 with HTTP; Wed, 4 Apr 2018 17:05:45 -0700 (PDT) In-Reply-To: References: <24353.1522848817@warthog.procyon.org.uk> <20180404135251.GD16242@thunk.org> From: Peter Dolding Date: Thu, 5 Apr 2018 10:05:45 +1000 Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: Matthew Garrett Cc: Theodore Tso , David Howells , Linus Torvalds , luto@kernel.org, Ard Biesheuvel , James Morris , Alan Cox , Greg Kroah-Hartman , Linux Kernel Mailing List , jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List , linux-api@vger.kernel.org, Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > If you don't have secure boot then an attacker with root can modify your > bootloader or kernel, and on next boot lockdown can be silently disabled. Stop being narrow minded you don't need secure boot to protect bootloader or kernel the classic is only boot from read only media. Another is network boot using https can coreboot firmware. This checks the certificate of the https server against selected CA before downloading anything and as long as the firmware is set read only in hardware the attack has absolutely nothing to work on. In fact the network boot form https server is more secure than UEFI secureboot due to highly limited parties who can alter/provide the approved boot loader/kernel image. Having root user rights does not override physical security. The fact there are other ways of doing bootloader and kernel security other than UEFI secureboot that are in lots of cases more secure than UEFI secureboot due to using more limited keys is the absolute reason why lockdown is required without UEFI secureboot. It would make sense to extend kexec to support UEFI secureboot verification and also kexec to have frameworks to support other security options like https server storage of all kernel images. Please note kexec supporting UEFI secureboot verification should also support booting non UEFI secureboot but verified by some other method and having own PK/KEK set for kexec and this would be when the Linux kernel is placed in firmware and used instead of EFI firmware.. Please note there are many UEFI firmwares that with secureboot off allow setting up secure https bootting where you are not in fact validating the boot loader or kernel but validating the source you get them from. There are three different ways to achieve a protected boot process. 1) validate the boot files.(this is like UEFI secure boot and many other methods) 2) validate source the boot files. Yes this can be apply key check to image if image is not signed don't boot from it and the image contain boot loader and kernel then not bother validating the boot loader and kernel image/parts individually same with https. 3) make boot files read only. All three achieve the same level of security. If you are using any of the three lockdown option may provide some benefit. Yes https network boot effectively does 2 and 3 so making having a very limit threat against the boot process. Remember there is more 1 way to skin a cat just like there is more than 1 way to make a secure system. Currently being too narrow in methods for doing protected booting. Peter Dolding.