Received: by 10.213.65.68 with SMTP id h4csp216300imn; Thu, 5 Apr 2018 21:54:30 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/hyhBNVhpuUEojzQBOLhFNUCE1VisPAyRFw1C3g+SWaGDw7caJ3k2PLoyidDiSY3zxiAo2 X-Received: by 10.99.107.65 with SMTP id g62mr6698808pgc.180.1522990470328; Thu, 05 Apr 2018 21:54:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522990470; cv=none; d=google.com; s=arc-20160816; b=p3GG5kzLw21hg5+wqkypvMqybEn80w/j7bDj/dZpqb0Psxxp+eAfQaLMkMhf2kshSN lLrJA/mbsxqUBDg4SL1nE+pI6p2NU273o6E9CNZTAUtuL+uasuJQhLrDL4Jl7BjtbP/M O4TgCEWTzYjAESpyp5sVYwEYqb+kf3XS3btWFaeXImiYcdLf6wYtoMllsBA2Y1merpw6 Ymk9nyxK5lBXiGLMuMQuGm3BPC3+JMXz9EDEkGlQYc2++U5ipyju43LDE7lkGY6mNNfA +PFyWSzyeiM4YCjoxUmT0PfdcVl9WOpjMwAdZecRzzG83FtSt/nCloQQlHs7M41GjbIv oOKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=IC3wCHqBJ1IDCMVUwkcS5/yNQcCPLX/R2fB55uA+9/I=; b=0Ejed7NZsJnWqj47GDlSZz/7mE1fdkYX+IDRkHtQd6L+1r8aMqAqVIUyiaVeYMIpVm goxXs9NmoRZCtLJLNNLP/6qPSNn1F08iB3uLrPYpzMqENfp4O8upDORhWFhiVqmO9p1u TzPZvP3D/VRGMk7lh/tmSLefl57T1BPQZoPdMBqm8o+JCZISt+Mfi9biW1i0gRl2TqwO MEdsw0Rzq3qL3WMeYbkvD0fVO/j4mskBJ9HBqFTK2Ge6EaHthmtkoKmAiM1RNzLI5TPL Q/yVH6m53t6Vgp+JrwqSslUHYRW7JwINeIJSucJlLylvFMi6aFUVxrVpkcImbKQhW6IK mBuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=mqALxqd6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n18-v6si6341017plp.526.2018.04.05.21.54.02; Thu, 05 Apr 2018 21:54:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=mqALxqd6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752488AbeDFEm7 (ORCPT + 99 others); Fri, 6 Apr 2018 00:42:59 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:53414 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751447AbeDFEm4 (ORCPT ); Fri, 6 Apr 2018 00:42:56 -0400 Received: by mail-wm0-f66.google.com with SMTP id p9so227442wmc.3; Thu, 05 Apr 2018 21:42:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=IC3wCHqBJ1IDCMVUwkcS5/yNQcCPLX/R2fB55uA+9/I=; b=mqALxqd6dcZDkGlz5uBrccWxruPr0/nVMgIL+GibHU/YK38WMRfn5N6+M7Kds/9ie6 rGTCqys7E2jUPA6Mas6W+cInfQHGdbW7s/LTZGZucKPLUhl0V3887i7OJ5P603fUrZvu di/bM3fzx10DydXcwtjJIT8oc0tdXEq9ePay6k/+QoVVd+pVVtCma2sc4Qlp6LG4oH3Y F3Jpod/oaTEh8JyX42JeBJrxO9VkqHeD9vv9md64z6xiO6783N1wLSFtJeLLMAcgpzUE arUz0AZqpvCNP3hzPrL5DT5ALsqI9LBl1wzSoDWHnYmyIb/C/OTgLZq7dgeJQC2ageqV uJnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=IC3wCHqBJ1IDCMVUwkcS5/yNQcCPLX/R2fB55uA+9/I=; b=GEDqsU2lziGeKRgEpCVo/4HYW/ZSq0jTePnvyFkFpZbGL6BxZVMNjhh+lJ5hPeUqDA A2ccHsDyhLpWa2wheO0QendXzcIb/+RqtRp877zkwmE22VHEVpbt8SnNkPydP34Ivvtp FSWyOyGoymUtOwJX8xSXIlA5L4tjY07nyzqIOLDaHD65ImLpeaXKZkwMsguE6deuKLrZ d4BTJrmr2Axf3IJSnv1A/wv2ifYQksraqoEjnPZiooY5F08kwnZHTXjVI/hid7jFc8Tb khe8PEtCepMPRFc3pAHuRh1Fm7ckr09H8MUG/OcT18utUpDn4tJzkXEan6p/f99usgNT VPew== X-Gm-Message-State: ALQs6tC08PWTJ8n28jwhygRZqi4Rt2NYc6CHt1zBV0dJcfpgaQ6/GmCL FRysvTQCNyZ+315L3msYjOAKnIIGwH8INAcgfQ8= X-Received: by 10.28.148.129 with SMTP id w123mr9693218wmd.116.1522989774551; Thu, 05 Apr 2018 21:42:54 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.151.36 with HTTP; Thu, 5 Apr 2018 21:42:53 -0700 (PDT) In-Reply-To: <20180404184255.exdrtpqnxlqme7tl@redhat.com> References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <20180404184255.exdrtpqnxlqme7tl@redhat.com> From: Peter Dolding Date: Fri, 6 Apr 2018 14:42:53 +1000 Message-ID: Subject: Re: [GIT PULL] Kernel lockdown for secure boot To: Peter Jones Cc: Andy Lutomirski , Matthew Garrett , David Howells , Ard Biesheuvel , James Morris , Alan Cox , Linus Torvalds , Greg Kroah-Hartman , Linux Kernel Mailing List , Justin Forbes , linux-man , joeyli , LSM List , Linux API , Kees Cook , linux-efi Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > There's no inherent difference, in terms of the trust chain, between > compromising it to use the machine as a toaster or to run a botnet - the > trust chain is compromised either way. But you're much more likely to > notice if your desktop starts producing bread products than if it hides > some malware and keeps on booting, and the second one is much more > That is to say, as a result of the way malware has been written, our way > of thinking about it is often that it's a way to build a boot loader for > a malicious kernel, so that's how we wind up talking about it. Are we > concerned with malware stealing your data? Yes, but Secure Boot is only > indirectly about that. It's primarily about denying the malware easy > mechanisms to build a persistence mechanism. The uid-0 != ring-0 aspect > is useful independent of Secure Boot, but Secure Boot without it falls > way short of accomplishing its goal. > > -- I am sorry the issue here this is really expanding Secure Boot to breaking point. Yes a person wants a secure system having the boot parts verified by some means and using a lockdown is advantage. Problem comes in with the idea that UEFI Secure Boot and lockdown are linked. If I am running windows and linux on the same machine Secure Boot need to be on so windows run happy. Remember its my machine. If I wish to compromise security on my machine because it make sense I should be allowed to, A proper lockdown would prevent you from messing with ACPI tables it a very creative hack have kernel load a DSDT and have it from ring zero turn bits in the kernel off. The reality here is we need to be able to operate without lockdown due to how badly broken some hardware it to configure system. Yes the need to include option to push button to disable secure boot is required due to how badly broken this stuff is. Of course this does not address the issue that if I am working on a system from remote or embedded where I don't have the push button to turn off as a option this is still a problem. Effective lockdown has to protect linux kernel boot parameters, initramfs and other bits from being modified as well. This lead us to problem with the broken hardware in a machine we cannot turn secure boot off we still need to perform all these alterations. We do not live in a world of perfect computer hardware so at this stage proper unattackable secureboot cannot be done. We would be better off putting effort into improve means with UEFI of adding own KEK. This is so that only boot loaders and kernels from the vendors user has approved in fact to work. There could also be a configuration KEK that gets disabled after all the required operating systems are installed. So Microsoft non OS KEK makes sense to be the configuration rule breaking KEK but the current deployments of UEFI don't have a off switch option on it. One KEK for everyone who is not Microsoft to boot with is highly insecure. UEFI secureboot falls way short in the validation department currently because too much is validated under one KEK key. UEFI also fall short due to failing to provide a system to protect boot parameters that can alter OS behaviour and make a secure kernel insecure this include kernels with this lockdown patches, Really you need to compare UEFI secureboot vs boot loader and /boot on a read only media. Every where you can change something in the UEFI secureboot without is being signed that you cannot in the read only media of the boot loader and /boot is a defect in the UEFI secureboot design and implementation. If boot parameters were properly secured there would be no need for lockdown query if UEFI was in secureboot mode or not. Also lockdown being on and kernel and boot loader not running secured still would provide extra item attacker has to get past. So fairly much remove the EFI interrogation patches and work with UEFI to fix it properly. Hacking around these UEFI defects means we will end up being stuck with them and the system still not being properly secured. Peter Dolding