Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp1241526rwp; Thu, 13 Jul 2023 08:07:34 -0700 (PDT) X-Google-Smtp-Source: APBJJlG+ampA47RfbYsgEIZ01UuffJ+svCchyPUMdSLZi4kRR0RcFKkZvX8X2/2zNDsVeqAYaabX X-Received: by 2002:a50:ed94:0:b0:51d:95f2:ee76 with SMTP id h20-20020a50ed94000000b0051d95f2ee76mr1849071edr.27.1689260854387; Thu, 13 Jul 2023 08:07:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689260854; cv=none; d=google.com; s=arc-20160816; b=WFEHltwfIgCJ9lmvxgOBArRLMhQNTDIEdbmMJR3lCmZifhJPK6LJZqFo9q4oTFkrHX svWxqFWkcVJdW5FR7QoiOeAeTS03Aq/j3FXUon2NzcDe93iRNLZ5W5KAKDv87GmdE422 RrX5VQUgNjOwxaSJFNUiZnFH+8/EPIZPqpNYaWqIVEiwFYhEnir8ihLgMbHQUkGFdq6A g1luh4OqhB8kBdznTGGnRjOustAc8RyMu6rDCuGpTUNgu3sTlU3CnobTvdIyaDmZu9Wo ZTywJKbYXMxZsQxzIIPN8Yb228cKL8aCstF7BKceTXAvHEPaSXPsVNiTYM+OD7R+6BFl 6V1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=CO9FSKdrMxsaBkBPRR5skzNgy6Xc9djD5lfk6SYZ4Zg=; fh=OQSolj+waJoc7RGjnn7AUnjmpV03YzTZDIyvbZXCO/E=; b=ethQsYCqHkNg4/bIYrz/pB+F+0FGdPlfjHSBJx4U8gT3x0GzI7OTQtI3vXZdzyhiM1 4T4kLeNnl9nh6pVeyqbozyiE0VAmpC8G7vLMS/BSuVxw2Ckxe3lg2uRtQdKXxTlNx9a1 +wXKKr3gwLkh682Q8m6KJrQ2NB+Czbp/WAGgfO7++cUukxC0K8x8BBVErf3pz4kuQgSg p6dsjnSRFwE/Uy1GXmgV+YRI7Tt+BnLYIu/FRODe1K0/4PwiI/oKXJlPv5M0bNJ59jlp 5tx4Pb7P47tPGaNUHWTXSOMsb1lCS8UZvY6/VwTe8HyrkPWnXV1omUSEn7AXV4pHPCbB xXxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=2bsQGyG7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l12-20020aa7c30c000000b0051e02815eb5si7637553edq.476.2023.07.13.08.06.58; Thu, 13 Jul 2023 08:07:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=2bsQGyG7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232207AbjGMO6d (ORCPT + 99 others); Thu, 13 Jul 2023 10:58:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232297AbjGMO6b (ORCPT ); Thu, 13 Jul 2023 10:58:31 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 512962D6A for ; Thu, 13 Jul 2023 07:58:25 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id AE31F61861 for ; Thu, 13 Jul 2023 14:58:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 53B49C433C8; Thu, 13 Jul 2023 14:58:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1689260304; bh=iX5N4lE4KxY1+QurnpsBhAWrrYlJ3UK4/HtyY/Fl9r4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=2bsQGyG72H86hiUhtA+0fbARJwTDmdBtfogG0HfwCJcJzTo/H0Z4NF41T9OJyJhME EJ6O+EI/ZGegyF5aA41yrWNJIJEpmXq2INifT+P2ByzxnjzkAHjt5W78gnLq155K3H VYJ8NgPv4WN5Ymc6Uw2Dn+00hqFlJsTqjVGMj0p8= Date: Thu, 13 Jul 2023 16:58:20 +0200 From: Greg KH To: Vitaly Kuznetsov Cc: Emanuele Giuseppe Esposito , x86@kernel.org, Thomas Gleixner , bluca@debian.org, lennart@poettering.net, Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Andrew Morton , Masahiro Yamada , Alexander Potapenko , Nick Desaulniers , Daniel P =?iso-8859-1?Q?=2E_Berrang=E9?= , linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage Message-ID: <2023071329-persevere-pursuant-e631@gregkh> References: <20230711154449.1378385-1-eesposit@redhat.com> <2023071237-private-overhang-7f86@gregkh> <875y6o429i.fsf@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <875y6o429i.fsf@redhat.com> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 13, 2023 at 10:57:45AM +0200, Vitaly Kuznetsov wrote: > FWIW, > > this was an RFC to answer a fairly straitforward question: is upstream > Linux interested in / is a suitable place for having SBAT revocation > mechanism or not. As Peter said, there was no questions in this patch, so how were we to know that this was something that you all were asking? Also, you need to provide lots of information in the changelog itself about whatever "SBAT" is, as that is not anything that anyone should be forced to look up (links go dead over time.) > We can, of course, iron out the details whether it > should be "linux.org"/"linux.com"/"lore.kernel.org/lkml/" or > "linux.onion" and where to put objcopy call, whether to silence its > output or not but these are rather implemntation details. It's a sign that this change was not thought out at all, as the follow-up questions, and lack of answers, showed in detail. > I don't > particularly see why anyone would need to get additional sign-offs to > just ask a question (which I don actually think was asked before!) and > IMO an RFC/patch is usually the best way to do so. Again, no questions were asked. And when I asked questions, no one knowledgable answered them (hint, we release more than 3 kernels a year...) > Following the discussion, it seems that at least x86 maintainer[s] are > opposed to the very idea of having SBAT revocation mechanism integrated > upstream because it's hard to meaningfully define what epoch is. You all did not even consider how this might work with our existing release process OR how we handle security fixes today. In fact, you totally ignored it, and didn't even do some basic research into our past history to see how this new feature would actually work had it been present 10 years ago. You need to convince us "of course we would be foolish to not accept this patch because you properly researched it, documented it, and tied it all into our existing release and security and other policies and proceedures". But none of that happened here, so we would be foolish to ACCEPT this patch, right? Turn it around, what would you do if you got this patch in your inbox to review and you were responsible for doing kernel releases and security fixes? > This is > OK (which doesn't mean we all agree to that) but as there's real need to > revoke "bad" (in UEFI SecureBoot sense) kernels, distros will likely > come up with their custom, downstream only ways to do it. Without an > upstream reference, however, they may come up with very differently > looking SBAT sections, this may or may not be problematic in the future, > who knows. You all haven't even properly defined what "bad" means! Or who would determine it! Or how it would work with our decades-old release process that has evolved over time. Or how it would tie into our existing security fixing policies and processes. In fact, it is a complete end-run around all of that, with only a "trust us, we will update the number when we want to" statement. Also without even defining who "us" is. And if a security policy doesn't even define who is going to be determining the security policy at all, is it a security policy you want in Linux? thanks, greg k-h