Date: Thu, 5 Apr 2018 18:53:47 +0100
From: Alan Cox
To: Ard Biesheuvel
Cc: David Howells, Andy Lutomirski, Kees Cook, James Morris, linux-efi@vger.kernel.org, Matthew Garrett, Greg Kroah-Hartman, Linux Kernel Mailing List, jforbes@redhat.com, linux-man@vger.kernel.org, joeyli, linux-security-module
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
Message-ID: <20180405185347.2785eb8a@alans-desktop>
Organization: Intel Corporation

> Furthermore, there is a fundamental deviation from common security
> sense here, where things like command line parameters and other
> lockdown specific tunables are blacklisted rather than whitelisted,

I've been complaining about this from the start but it appears to be a
write only authorship process going on.

Alan