Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp6862090rwp; Tue, 18 Jul 2023 06:58:30 -0700 (PDT) X-Google-Smtp-Source: APBJJlH2oc8OSUjRawy/SMnXumgg2u+3f+mLPgFYJQxwHQF+wHjqOHsQ5D9NYHCEqigReh7UGzMm X-Received: by 2002:a05:6e02:219b:b0:346:53cf:418d with SMTP id j27-20020a056e02219b00b0034653cf418dmr3329807ila.15.1689688710283; Tue, 18 Jul 2023 06:58:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689688710; cv=none; d=google.com; s=arc-20160816; b=VT/TSjZ7YZtqpRPY+PqxkINvpl/pnD2yZMUSw0mXA4KpmAJbTa4sDvylrYZwTw8CIO kxjQP57PtsSipHaI+HIBmuF3HbusZI6avHzyt5wCUBk2oqUfyFNnJmGbfkGnfl1jWkUO tfiOyLYo41Gjpu2NHY3hmgrFnfbyBDOEgE44oW5WjynMcEC5mNPuqrkOh4t5bDTtqWAh UX4FKLO+dDMoZFVf5cqJAZMWfXAouErbcilmyiccVBdydM3xj2S58zSqJPLDuPm3Zh3y avGhSLxOvgt7TavNCsjfcS7roNgJhJ/YQNQtFazEsktZxPs6WYWNR80ZP3dyZDTngMNv 8jOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:subject :from:references:cc:to:content-language:user-agent:mime-version:date :message-id:dkim-signature; bh=iDWEmFv8ikbM1efDgxCuQsmQ0aQ6k0wQBe6ItEu3PwY=; fh=UV2S2uvhf/HA1k5Yz+Cq+ZhOl5sRafBCjFL+fJNreZU=; b=eNZUrYSwpP+2qGzWC4BWH4FP1E4Y3rIo5xskr3lh1SpLfyCHHxVJodaeRmq8vjppXv lGH41ePieisYB5t9XPivIe23e5pJEj7yf/jSCuQEWH2PtCrbWnzx2NpAFC+cdZPLRTqE z+qw32sOik63LnhIoiGMn/sagDHF29fcK3q4r9k5kx1QhR+awM83NYduHl4VhNMeN8fm rjDUBO+7+oYwYzb9BfBJBlqv8rX4+X5Ronr5dAV8lqqpm1yC4g61UmPK0cNZ5SGa0o5/ FC0rSDcnr94nKZvIW+2R+gBXzdgs1ABFUB35AL9xnlB5IhYnntU4RBefdrpeJlhIzqgg S6VA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=C3amw5SC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bv13-20020a17090af18d00b00259c1100db5si1625818pjb.188.2023.07.18.06.58.17; Tue, 18 Jul 2023 06:58:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=C3amw5SC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231987AbjGRNfq (ORCPT + 99 others); Tue, 18 Jul 2023 09:35:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38364 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229476AbjGRNfo (ORCPT ); Tue, 18 Jul 2023 09:35:44 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 54C4AD1 for ; Tue, 18 Jul 2023 06:35:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1689687299; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iDWEmFv8ikbM1efDgxCuQsmQ0aQ6k0wQBe6ItEu3PwY=; b=C3amw5SC830gong8/pnsk5icwIAXyCyUTaO+4Tb8j3ul6+GLRezwnJSEDwjFDJKJ7STHCc FOEQm9Z6b7VKgJ1+slOavH3u+pp8wFGSfTp/Nl6tKEIFuO8dhkDVecb3d2EGvqcaTUr9N3 M1r683zO4S8Ff+ha1MQ81Q7LTFZe6Jo= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-214-BKOZfY9pMayr0J6ewAho1A-1; Tue, 18 Jul 2023 09:34:56 -0400 X-MC-Unique: BKOZfY9pMayr0J6ewAho1A-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-521a38098faso851827a12.2 for ; Tue, 18 Jul 2023 06:34:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689687295; x=1692279295; h=content-transfer-encoding:in-reply-to:subject:from:references:cc:to :content-language:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iDWEmFv8ikbM1efDgxCuQsmQ0aQ6k0wQBe6ItEu3PwY=; b=O9vgRoJdeco+slTX90JZkDY2ua68ibc4SDPb+c/SIVsnn9hEUA0CzdmJ8jijBoTO9a ADZDnjcG9edno4oGKR6cvrQW84w3a1+riDpENB/eXe8Ft/T9tuEz+GIWUn3slxjPn+4s MugHmlQD+QsWq4SU5nTzUpDUKFlQgflqHndkElZANHo3F+uYW31gnw35OVpLuGckmpoT QoBfL6wauH2mjPWNhbb3W5bBIPWideFR6OhcHsU86yIDmFQAg3aEtgYGXuY/bdiITmmz V6XZBJqHnRhalRfsV9o2JEARGJcF0UjfbvN9HuuWeFPgWXZdmNubERjSegs1jkHcYH2x +1Qg== X-Gm-Message-State: ABy/qLY8Q5h6kKG8M6fSJm0bTN8NFyB9kh4SJKoV0f6eybIcTswsf2Do C72Tmv2wJ10ZEG4qGaHwv7LtJE4iXffaHm/l8EGtVAQgZwZgnhI43XP6ld8ilQvj71ftSPujjqU Tfb1R5o5uLh3Q7suh1rZn9kOX X-Received: by 2002:a17:906:11:b0:992:6d73:568e with SMTP id 17-20020a170906001100b009926d73568emr12055025eja.68.1689687295144; Tue, 18 Jul 2023 06:34:55 -0700 (PDT) X-Received: by 2002:a17:906:11:b0:992:6d73:568e with SMTP id 17-20020a170906001100b009926d73568emr12055000eja.68.1689687294789; Tue, 18 Jul 2023 06:34:54 -0700 (PDT) Received: from ?IPV6:2001:b07:6468:f312:9af8:e5f5:7516:fa89? ([2001:b07:6468:f312:9af8:e5f5:7516:fa89]) by smtp.googlemail.com with ESMTPSA id i19-20020a056402055300b0051e24284fc8sm1273243edx.12.2023.07.18.06.34.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 18 Jul 2023 06:34:54 -0700 (PDT) Message-ID: Date: Tue, 18 Jul 2023 15:34:52 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Content-Language: en-US To: Ard Biesheuvel , Emanuele Giuseppe Esposito Cc: x86@kernel.org, Thomas Gleixner , bluca@debian.org, lennart@poettering.net, Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Andrew Morton , Masahiro Yamada , Alexander Potapenko , Nick Desaulniers , Vitaly Kuznetsov , =?UTF-8?Q?Daniel_P=2e_Berrang=c3=a9?= , linux-kernel@vger.kernel.org References: <20230711154449.1378385-1-eesposit@redhat.com> From: Paolo Bonzini Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [note: while there is some overlap between the developers and Red Hat employees that are involved in KVM, I was not involved in this work and only learnt about it last Friday] On 7/13/23 15:33, Ard Biesheuvel wrote: >> A .sbat is simply a section containing a string with the component name >> and a version number. This version number is compared with the value in >> OVMF_VARS, and if it's less than the variable, the binary is not trusted, >> even if it is correctly signed. >> > > Also, 'version number' is a bit vague, better to stick with existing > terminology that makes this more self explanatory: the component that > authenticates the kernel image keeps a revocation counter, and refuses > to load authentic images whose revocation index is lower than the > revocation counter. This approach removes the need for revoking > individual image hashes or having to rotate the signing keys when a > vulnerability is discovered. > > The argument that we need this in the upstream kernel seems to be > predicated on the assumption that there is one universal signing > authority and revocation domain, but this is not necessarily true. I am not sure about this. I think that a revocation index could _in theory_ make sense as a way to double check that you have backported all the relevant bugfixes. If you backport the patch that changes the index from 2 to 3 but your tree has index=1, it will conflict and hopefully fix it or lead you to document why that is happening. But I'm saying "in theory", because I'm not sure it makes sense to apply the concept to an OS kernel. A revocation index makes sense for boot loaders, whose purpose is to check something about the next stage and then get out of the way. When using a bootloader for secure boot there is a limited amount of parsing and basically no user interaction. With some handwaving, that makes it is possible to say things like "oh no I found the 234th bug in my codebase, let's bump the revocation index to 235". If you try to do this for the OS, however, Linux's "vulnerabilities are just bugs" mantra hits hard---more specifically the reverse: all bugs are potential vulnerabilities. Sure you can hope for the best, which is what we do with module signing and with the (non-upstream) secure boot lockdown patches. In the end, however, an unpatched code execution or memory write vulnerability is always a potential rootkit. While we don't have _too_ many of those, there are enough that the idea of a revocation index becomes completely unfeasible, not too mention those that are fixed silently not because "that's the way Linus does it" but rather because we genuinely didn't think of them as security fixes. So perhaps there could be some kind of protocol that would let a new kernel tell the bootloader "don't boot an older kernel than me in the future". It could even be an extension to the SBAT spec itself. I haven't really thought much about it, tbh. However, I'm quite positive that a revocation index attached to the kernel image cannot really work as a concept, not even if it is managed by the distro. Paolo