Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp5857654rwp; Mon, 17 Jul 2023 10:27:38 -0700 (PDT) X-Google-Smtp-Source: APBJJlGfJRnNtKLzMUL9+eHOyctv3WgUlCGvbZHK1gPEKp9GKz2u3e/2mesMaYrCELbk6j81szbl X-Received: by 2002:a92:dd11:0:b0:340:8cb1:aaa8 with SMTP id n17-20020a92dd11000000b003408cb1aaa8mr262457ilm.21.1689614858308; Mon, 17 Jul 2023 10:27:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689614858; cv=none; d=google.com; s=arc-20160816; b=aCKZ1g9NglMZ7khGYpni9MfO1GAm3yuKXnU3/3MWiJuEm63rIF/fFRHDlVkQlLbeb3 K0ueDFs7NFFdQHGJFeevoN/h2i8ZJbmf7Kv4sSHajWFgNRg3Bp4rAjMsLo/fc1o17C3c JMr6jLiOOvKF+8E2rbobhDjmVyPaB2zFUoh9Bc7wQxB2xd/zI5d+w/CMNANquTDgkvwO g09RjgOTJ/JL7q4IDg4x4uvrHIDIHthXrP1cWi49NDmdGpBo1j5y2vYPWYTGIZ5wZkwL 8N84SOIdz8RuasdES5v/KUsw1FuHz9A9ktKWdV4S+1DGfLuKHXVrm2srvLNQSvabFaRs qPVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature:dkim-signature; bh=DqbmXGvZUUDfF6KuIoTcRdLzp24C9NqQ/Die1FMJ5bw=; fh=+9eO3D2G8qAIUli9ATwTSFWRRAp7xIqYlRptWM+tcUA=; b=XdBhwCzGPA7RDaDAsn+9nuy0E7rn03OutZtQpucE0PKGtnzJ0BgX0EcpyWC22CJGIf ThgS1ok+ekTbt+xgn+vwbGpdZLFBJ1F6/RWVOkF0xToZmXtqeBiobXaE5wYv6F4aLzu2 oQcaza5bbCRRhPR2I3s3i1t+hJLsjrWFkPrjpvIot9NmHgb9vftY8NlL+i3LE2i6Daa4 J3OjCD68gwLEH1qnMSMSR2Nxp4rbqRVoUZnMAoHAaVFmQmYRktyeIoQbZ5vu/wfzKj/4 qW37Wo6Afakrfucjfff1QK++J6e/kniZLhanAr0zXQSefSSFM19g1egvKlZMh9FHqWDe 70Vg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=Sg0LVlf4; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=Sg0LVlf4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p8-20020a17090a868800b0025bb4a1c12esi135781pjn.148.2023.07.17.10.27.25; Mon, 17 Jul 2023 10:27:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=Sg0LVlf4; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=Sg0LVlf4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230161AbjGQRP0 (ORCPT + 99 others); Mon, 17 Jul 2023 13:15:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36328 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229798AbjGQRPZ (ORCPT ); Mon, 17 Jul 2023 13:15:25 -0400 Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [IPv6:2607:fcd0:100:8a00::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A23D18C; Mon, 17 Jul 2023 10:15:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1689614123; bh=t2CvEbHEtJOfQbnv6B7KOOw/16eZp8A7w4FgNzGKoBs=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=Sg0LVlf4wlWK7y06XnkN75VcH9O18A1YWdRSNWvLVkUPeOi7nMr8Lc1v0Fz5za8rO lthLDHyuDGTVb1uS0K4Rba5SURy0V4K0X2hC1BKsm6KcFmIgMFXuFxPMzFupqCoaGv TLhbw/kynnKJ9dAW7GE/Mkh7o8FVIp18R8hD7yBc= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 5B5D0128171B; Mon, 17 Jul 2023 13:15:23 -0400 (EDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavis, port 10024) with ESMTP id tzxoBTS866Qv; Mon, 17 Jul 2023 13:15:23 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1689614123; bh=t2CvEbHEtJOfQbnv6B7KOOw/16eZp8A7w4FgNzGKoBs=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=Sg0LVlf4wlWK7y06XnkN75VcH9O18A1YWdRSNWvLVkUPeOi7nMr8Lc1v0Fz5za8rO lthLDHyuDGTVb1uS0K4Rba5SURy0V4K0X2hC1BKsm6KcFmIgMFXuFxPMzFupqCoaGv TLhbw/kynnKJ9dAW7GE/Mkh7o8FVIp18R8hD7yBc= Received: from lingrow.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4302:c21::c14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 70E0B12816B5; Mon, 17 Jul 2023 13:15:21 -0400 (EDT) Message-ID: <0aa647f719103e8620d7209cbde40f04a7334749.camel@HansenPartnership.com> Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage From: James Bottomley To: "Daniel P." =?ISO-8859-1?Q?Berrang=E9?= Cc: Ard Biesheuvel , Emanuele Giuseppe Esposito , x86@kernel.org, Thomas Gleixner , bluca@debian.org, lennart@poettering.net, Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Andrew Morton , Masahiro Yamada , Alexander Potapenko , Nick Desaulniers , Vitaly Kuznetsov , linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Date: Mon, 17 Jul 2023 13:15:19 -0400 In-Reply-To: References: <20230711154449.1378385-1-eesposit@redhat.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2023-07-17 at 17:56 +0100, Daniel P. Berrangé wrote: > On Mon, Jul 17, 2023 at 12:08:26PM -0400, James Bottomley wrote: > > On Thu, 2023-07-13 at 15:52 +0200, Ard Biesheuvel wrote: > > > (add linux-efi@ cc) > > > > Thanks for that, since this is really EFI related rather than x86. > > snip > > > The problem, as I see it, is if the distros give the kernel an > > .sbat section, that means any vanilla kernel that's built by a user > > and signed by their key now won't work (even if their key is in > > MoK) because it won't have an sbat section ... and the sbat > > mechanism is component specific, not key specific, so the signer > > has no choice but to adopt it. > > AFAICT, that problem only exists for binaries directly invoked > from shim. So that would be a problem for the boot loader (grub), > or a kernel image being booted directly without a bootloader > present. Well, currently, yes; that's the in_protocol check in shim.c:verify_sbat_section(). However, I was assuming based on this thread, that that was being tightened up (either because people are moving away from grub or because the shim verifier protocol would enforce it) as you imply below. > For kernel binaries invoked indirectly by the boot loader, the > use of SBAT is currently optional. ie missing SBAT record would > be treated as success. > > This was a pragmatic way to introduce SBAT support as it only > impacted grub at that time. > > Once a distro starts adding SBAT to their kenrels too though, we > can forsee that they would like to enforce SBAT for the whole > boot chain, to prevent rollback to previously signed binaries > that lacked SBAT info. > > This policy could be enforced per key though. eg require SBAT > for anything verified against the vendor key that's compiled into > shim, but not require SBAT for binaries verified with the MoK > entries. That might work, but it's not currently in the shim code base. It also wouldn't work for SUSE I suspect: they actually put all of their distro keys into MokList (so the machine owner has to approve any SUSE key update), so how can shim tell the difference between my key and their key? > The user specific MoK entries don't have such a compelling use > case for SBAT, since if they need to revoke old binaries, the > end users always have the easy fallback option of just rotating > their signing keys and switching out the enrolled key in MoK. > > The choice of whether to mandate SBAT for binaries signed with > a MoK entry, could be set by the end user themselves at the time > their enroll their signing cert in the MoK DB. Well, I agree with this, since it was my original point. However, a key observation still seems to be that none of this exception proposal is actually coded anywhere, so if shim does tighten up sbat verification, everyone currently gets caught by it (and if it doesn't then the kernel doesn't need an sbat section). I really think if this exception proposal is what everyone is planning, then you can simply leave the upstream kernel alone, since it won't require sbat information unless incorporated into a distro. So the direction forward seems to be to get this exception proposal coded up and agreed and then we can decide based on that whether the upstream kernel needs to care. James