Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1761641Ab2KAO3W (ORCPT ); Thu, 1 Nov 2012 10:29:22 -0400 Received: from mail-ee0-f46.google.com ([74.125.83.46]:55266 "EHLO mail-ee0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1761607Ab2KAO3T (ORCPT ); Thu, 1 Nov 2012 10:29:19 -0400 MIME-Version: 1.0 In-Reply-To: <1351763954.2391.37.camel@dabdike.int.hansenpartnership.com> References: <1348152065-31353-1-git-send-email-mjg@redhat.com> <2548314.3caaFsMVg6@linux-lqwf.site> <50919EED.3020601@genband.com> <36538307.gzWq1oO7Kg@linux-lqwf.site> <1351760905.2391.19.camel@dabdike.int.hansenpartnership.com> <1351762703.2391.31.camel@dabdike.int.hansenpartnership.com> <1351763954.2391.37.camel@dabdike.int.hansenpartnership.com> Date: Thu, 1 Nov 2012 10:29:17 -0400 Message-ID: Subject: Re: [RFC] Second attempt at kernel secure boot support From: Eric Paris To: James Bottomley Cc: Jiri Kosina , Oliver Neukum , Chris Friesen , Alan Cox , Matthew Garrett , Josh Boyer , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1575 Lines: 33 On Thu, Nov 1, 2012 at 5:59 AM, James Bottomley wrote: > But that doesn't really help me: untrusted root is an oxymoron. Imagine you run windows and you've never heard of Linux. You like that only windows kernels can boot on your box and not those mean nasty hacked up malware kernels. Now some attacker manages to take over your box because you clicked on that executable for young models in skimpy bathing suits. That executable rewrote your bootloader to launch a very small carefully crafted Linux environment. This environment does nothing but launch a perfectly valid signed Linux kernel, which gets a Windows environment all ready to launch after resume and goes to sleep. Now you have to hit the power button twice every time you turn on your computer, weird, but Windows comes up, and secureboot is still on, so you must be safe! In this case we have a completely 'untrusted' root inside Linux. From the user PoV root and Linux are both malware. Notice the EXACT same attack would work launching rootkit'd Linux from Linux. So don't pretend not to care about Windows. It's just that launching malware Linux seems like a reason to get your key revoked. We don't want signed code which can be used as an attack vector on ourselves or on others. That make sense? -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/