From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Daniel Kiper <daniel.kiper@oracle.com>
Cc: grub-devel@gnu.org, dpsmith.dev@gmail.com,
eric.snowberg@oracle.com, javierm@redhat.com,
jonmccune@google.com, kanth.ghatraju@oracle.com,
keng-yu.lin@hpe.com, konrad.wilk@oracle.com,
leif.lindholm@linaro.org, phcoder@gmail.com,
philip.b.tricca@intel.com, ross.philipson@oracle.com
Subject: Re: [PATCH RFC v2 0/5] verifiers: Framework and EFI shim lock verifier
Date: Fri, 3 Aug 2018 21:55:38 +0100 [thread overview]
Message-ID: <20180803205538.GA1432@srcf.ucam.org> (raw)
In-Reply-To: <1533303598-13233-1-git-send-email-daniel.kiper@oracle.com>
On Fri, Aug 03, 2018 at 03:39:53PM +0200, Daniel Kiper wrote:
> Some verifiers, e.g. shim lock, may not be able to verify all file types, e.g.
> GRUB2 modules, on your own and would want to delegate verification to other
> verifiers, e.g. PGP. Currently this is not possible. So, I think that we should
If every verifier is called in turn, isn't this handled by having the
shim interface return valid for all file types it doesn't verify?
> extend the interface with relevant functionality. However, this will not solve
> all problems. E.g. it is dangerous to load iorw or memrw modules, even if they
> are signed e.g. with PGP, if UEFI secure boot is enabled. So, I think that we
> should disable module loading if such verifiers are in use or provide
> a functionality which gives us a chance to black list some modules.
One option would be a secure boot verifier that just denies verification
of all modules (or has some more complicated policy)?
> If TPM verifier is introduced then module loading order changes will change
> measurements. So, in this case maybe we should encourage users to use
> standalone GRUB2. Or enforce module loading order somehow. However, this
> can be difficult and not reliable.
Yeah, I think standalone images are going to be the right solution for
most users here.
--
Matthew Garrett | mjg59@srcf.ucam.org
prev parent reply other threads:[~2018-08-03 20:55 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-03 13:39 [PATCH RFC v2 0/5] verifiers: Framework and EFI shim lock verifier Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 1/5] verifiers: File type for fine-grained signature-verification controlling Daniel Kiper
2018-08-03 20:56 ` Matthew Garrett
2018-08-03 21:11 ` Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 2/5] verifiers: Framework core Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 3/5] verifiers: Add possibility to verify kernel and modules command lines Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 4/5] verifiers: Add the documentation Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 5/5] efi: Add EFI shim lock verifier Daniel Kiper
2018-08-03 20:55 ` Matthew Garrett [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180803205538.GA1432@srcf.ucam.org \
--to=mjg59@srcf.ucam.org \
--cc=daniel.kiper@oracle.com \
--cc=dpsmith.dev@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=grub-devel@gnu.org \
--cc=javierm@redhat.com \
--cc=jonmccune@google.com \
--cc=kanth.ghatraju@oracle.com \
--cc=keng-yu.lin@hpe.com \
--cc=konrad.wilk@oracle.com \
--cc=leif.lindholm@linaro.org \
--cc=phcoder@gmail.com \
--cc=philip.b.tricca@intel.com \
--cc=ross.philipson@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.