Date: Fri, 28 Jun 2019 04:14:30 +1000 (AEST)
From: James Morris
To: Matthew Garrett
Cc: LSM List, Linux Kernel Mailing List, Linux API, Jiri Bohac, David Howells, kexec@lists.infradead.org
Subject: Re: [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down
References: <20190622000358.19895-1-matthewgarrett@google.com> <20190622000358.19895-10-matthewgarrett@google.com>

On Thu, 27 Jun 2019, Matthew Garrett wrote:

> By that metric, on a secure boot system how do we determine that code
> running in the firmware environment wasn't compromised before it
> launched the initial signed kernel?

Remote attestation tied to a hardware root of trust, before allowing
access to any further resources.

-- 
James Morris