Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp7086446rwp; Tue, 18 Jul 2023 09:49:30 -0700 (PDT) X-Google-Smtp-Source: APBJJlEI5BofYg+Ehc7eRdZ02pvESj1n3F6y2ZdHu8AWfMQZOaGpH1CUp7i3Ob3pi+Bbs2eLrBs5 X-Received: by 2002:a17:906:77d8:b0:993:d54b:3e46 with SMTP id m24-20020a17090677d800b00993d54b3e46mr281743ejn.0.1689698969728; Tue, 18 Jul 2023 09:49:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689698969; cv=none; d=google.com; s=arc-20160816; b=KbRdpi7pemCjZw2K8fq0S3R36UY8uo6/11mNqkcSYScQLFYRmNxuf6VmMgG5NxB8m0 iVxDFV+i6e/HT3q6bltFzYIW/DAxY4/KFLM1MxP/nOSii1lWDLqsCmCYT+vgktc1Ejjv Rm389y6FJM3wfAA+fcKi1laYAgL2GbHYe0cyT7FrXJBMNHc/MB96TWm6aP/gC4u3b4lV guHppGWP/Sgf8Bq74OvhzP6rqDbPr4Di4o34MMcGdjyXy7xdt6cDJHYrJ8W5tvKvhpOi lVnpRQOisFULh2rxDsBnH1ttXweQA9gkX8Rcv5pJMQtZCkwwTm7wM6M+8elyijolsksG hNRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=vCJR11Z8LE62Lpm8j/WH0EMwgBueVBllyGpJYTK0igw=; fh=zuWscrIgOKFAcjL0gbkFAMpZLOVzM+z1cczlDH5alC0=; b=0Tbc8yWKfh7h6sG/7OE2UhSVprtoo1tPQdxI+foTKNhvzMZ9WkN5MC2eCcIrO0JQnW sbIjlSa6Q2opjC55OLQpG0Devj8M2RHpaN2MhDRJPn9C+zq98e8AWq3+3urRPmCdl4dc dQYcbyc1pNO3F7KEyX7M4D0V/bdOnF2fjqNIf4+2dOF0RuAostNBv+Xwz6sucsr8nyWo K7mLfhBob6L37snC+uhZpKbZHpzTjZmY26nnyoRvaD5SV8bTcjJqvgZxgokXkOtwv5mA 8PTc+sNags0DdKd6XpkwR5ZFO8SuWN4h6PAONbAFb0zRcmZ1cOksO3ExcWgrrYWzQg/2 OVVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=PykKkRIm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lo22-20020a170906fa1600b0098cee0f8cfesi1464659ejb.969.2023.07.18.09.49.05; Tue, 18 Jul 2023 09:49:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=PykKkRIm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233751AbjGRPxJ (ORCPT + 99 others); Tue, 18 Jul 2023 11:53:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47084 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233743AbjGRPxH (ORCPT ); Tue, 18 Jul 2023 11:53:07 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A19CF127 for ; Tue, 18 Jul 2023 08:52:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1689695535; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vCJR11Z8LE62Lpm8j/WH0EMwgBueVBllyGpJYTK0igw=; b=PykKkRImx35xGdEzEbXxM08pIS/G1JZBNoqJBkqFBQExfx2r+GaVgiXX6kreNXsPagqG3l yWMzR7LydS59vT2jgFdCpoUWZtEVlrhTzHSMqNe3L+SxoLq2oY5XHRXJJJq9xcx/21xH0B pWaUlYagSN4x9cGulzoMt6TSb+oXst0= Received: from mail-vs1-f72.google.com (mail-vs1-f72.google.com [209.85.217.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-199-gRe12vDbOA6XIwJcCL4AFw-1; Tue, 18 Jul 2023 11:52:12 -0400 X-MC-Unique: gRe12vDbOA6XIwJcCL4AFw-1 Received: by mail-vs1-f72.google.com with SMTP id ada2fe7eead31-4409ff60c89so832774137.2 for ; Tue, 18 Jul 2023 08:52:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689695528; x=1692287528; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vCJR11Z8LE62Lpm8j/WH0EMwgBueVBllyGpJYTK0igw=; b=bafQYVAhgQJFoDszS262gQdiYmt7cTAFSOw5WkYJS+2hqgR1XssUprM01sKJzAEVix yjELjPKo+aQqoUrnEGGKpTQAU5dHltqp1kz9oKhF8OPT2XCg1xBvYdHBbd2ww5Czmnof QC0eaM0mS1etRp57SPJ4DsdiO0hzFCpVUz4hR7k06h2kpJn3NhD2uaUNyQDVI2fNqbd4 G1fAtY4ce5rOQPu9YBND5w5qOSvRatxatyztcxrQZ+b3dq5XNq/6299PQpzFM4zuXNoU 6VikTrXkECYyRDzXDdjJGP694+1P3/tBhpku7aLy3EWsCxu7zhYn5JbBx/RWvIWmZRH/ exJA== X-Gm-Message-State: ABy/qLbDRojM6eETMHHxlbnRlA+lcL8rx5X4ARFOxJohZAvl7BMZk3ax 3ozKP5pQgU/KITSLGuqLg8Lds8mtCa+kiEOk6EyjC6NWqePKSN1MXayhVNmZ7WdR+0ccyOLIIs0 z/nrT/AzabQivKGxl2p6I6S/Z9Aa3GSHgG4GP//Cx X-Received: by 2002:a67:ff01:0:b0:443:791d:b238 with SMTP id v1-20020a67ff01000000b00443791db238mr6483883vsp.9.1689695528403; Tue, 18 Jul 2023 08:52:08 -0700 (PDT) X-Received: by 2002:a67:ff01:0:b0:443:791d:b238 with SMTP id v1-20020a67ff01000000b00443791db238mr6483867vsp.9.1689695528166; Tue, 18 Jul 2023 08:52:08 -0700 (PDT) MIME-Version: 1.0 References: <20230711154449.1378385-1-eesposit@redhat.com> In-Reply-To: From: Paolo Bonzini Date: Tue, 18 Jul 2023 17:51:56 +0200 Message-ID: Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage To: Luca Boccassi Cc: Ard Biesheuvel , Emanuele Giuseppe Esposito , x86@kernel.org, Thomas Gleixner , lennart@poettering.net, Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Andrew Morton , Masahiro Yamada , Alexander Potapenko , Nick Desaulniers , Vitaly Kuznetsov , =?UTF-8?Q?Daniel_P=2E_Berrang=C3=A9?= , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 18, 2023 at 4:03=E2=80=AFPM Luca Boccassi wr= ote: >> If you try to do this for the OS, however, Linux's "vulnerabilities are >> just bugs" mantra hits hard---more specifically the reverse: all bugs >> are potential vulnerabilities. Sure you can hope for the best, which is >> what we do with module signing and with the (non-upstream) secure boot >> lockdown patches. In the end, however, an unpatched code execution or >> memory write vulnerability is always a potential rootkit. While we >> don't have _too_ many of those, there are enough that the idea of a >> revocation index becomes completely unfeasible, not too mention those >> that are fixed silently not because "that's the way Linus does it" but >> rather because we genuinely didn't think of them as security fixes. > > Lockdown is upstream and has been for several years. Almost (the missing part is automatically locking down the kernel if running under secure boot, which is what I referred to). > Grub also gets plenty of bug fixes that are not classed as security > fixes, and so does Shim, and so does everything else. And they both > have plenty of user interaction, and plenty of variability. Heck, Grub > has its own complex configuration language that can take live input at > boot, _and_ reimplements most of the kernel filesystems! > > But anyway, from the point of view of the 3rd party CA plus Shim > workflow, they are the same, and can be treated the same - sorry, but > the kernel is not special in any way. The only thing that matters is > if, given a bug, somebody either observed it being used as a secure > boot bypass by bad actors in the wild, or was bothered enough to write > down a self-contained, real and fully working proof of concept for > secure boot bypass. Maybe I'm misunderstanding but this makes no sense to me. Any code execution vulnerability by definition lets the attacker run unsigned code in the kernel, which is a secure boot bypass. Linux is indeed not special in this respect; "wait for someone to exploit it and then bump the number" is at least dubious for Grub as well. In my opinion there is still a difference though, in that the amount of untrusted/unsigned userspace code that the kernel is exposed to, absolutely dwarfs the amount of code and data that a bootloader is exposed to. For the case of filesystems, for example, Linux is a lot more optimized, it's multithreaded, it's read/write. Grub is a lot simpler. > > So perhaps there could be some kind of protocol that would let a new > > kernel tell the bootloader "don't boot an older kernel than me in the > > future". It could even be an extension to the SBAT spec itself. I > > haven't really thought much about it, tbh. However, I'm quite positive > > that a revocation index attached to the kernel image cannot really work > > as a concept, not even if it is managed by the distro. > > You are pretty much describing SBAT there. Except for the detail that > it can't be the component that can be compromised that tells you > whether it's compromised and you should trust it... A system's SBAT > policy is a single entity, managed centrally, and deployed everywhere. Fine, so can the SBAT spec be extended to have some kind of version that is not a single number? If that is provided, Linux could have the mechanism to place the kernel version in the .sbat section. But I agree with Borislav, Greg and others that a single revocation index simply doesn't cut it. Paolo