From: David Howells <dhowells@redhat.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: dhowells@redhat.com, Vivek Goyal <vgoyal@redhat.com>,
Yannik Sembritzki <yannik@sembritzki.me>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Peter Anvin <hpa@zytor.com>,
the arch/x86 maintainers <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Dave Young <dyoung@redhat.com>, Baoquan He <bhe@redhat.com>,
"Justin M. Forbes" <jforbes@redhat.com>,
Peter Jones <pjones@redhat.com>,
Matthew Garrett <mjg59@google.com>
Subject: Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot
Date: Thu, 16 Aug 2018 15:43:50 +0100 [thread overview]
Message-ID: <25236.1534430630@warthog.procyon.org.uk> (raw)
In-Reply-To: <1534429345.3166.1.camel@HansenPartnership.com>
James Bottomley <James.Bottomley@HansenPartnership.com> wrote:
> I've told you several times you can't use the secure boot keys for any form
> of trust beyond boot,
Yes - and you've been told several times that you're wrong.
As far as I can tell, you seem to think that whilst keys from the UEFI storage
could be used to verify a hacked module, they couldn't be used to verify a
hacked boot-time component (shim, grub, kernel, etc.).
However, if you can load a hacked module, you can very likely replace the
shim, say, with a hacked one. In fact, replacing the shim may be easier
because modules are tied to their parent kernel in other ways besides the
signing key, whereas a shim must be standalone.
I will grant, however, that it I can understand a desire to reduce the attack
surface by not trusting the UEFI keys beyond booting - but then you shouldn't
use them for kexec *either*.
> Personally, I don't see any use for the UEFI keys in the kernel beyond
> kexec
Allowing you to load the NVidia module, say, into the kernel without the
distribution having to build it in with the kernel.
David
next prev parent reply other threads:[~2018-08-16 14:43 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-15 10:00 [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot Yannik Sembritzki
2018-08-15 16:54 ` Linus Torvalds
2018-08-15 17:27 ` Yannik Sembritzki
2018-08-15 17:37 ` Yannik Sembritzki
2018-08-15 17:42 ` Vivek Goyal
2018-08-15 18:44 ` Yannik Sembritzki
2018-08-15 18:58 ` Vivek Goyal
2018-08-15 19:06 ` Yannik Sembritzki
2018-08-15 19:49 ` Vivek Goyal
2018-08-15 20:47 ` Linus Torvalds
2018-08-15 20:53 ` James Bottomley
2018-08-15 21:08 ` Yannik Sembritzki
2018-08-15 21:13 ` James Bottomley
2018-08-15 21:31 ` Yannik Sembritzki
2018-08-15 21:40 ` James Bottomley
2018-08-15 21:50 ` Yannik Sembritzki
2018-08-15 21:57 ` Vivek Goyal
2018-08-15 22:14 ` Yannik Sembritzki
2018-08-15 21:52 ` Vivek Goyal
2018-08-15 21:57 ` James Bottomley
2018-08-15 21:14 ` Linus Torvalds
2018-08-16 13:51 ` David Howells
2018-08-16 15:16 ` James Bottomley
2018-08-16 15:42 ` James Bottomley
2018-08-16 15:49 ` David Howells
2018-08-16 15:56 ` James Bottomley
2018-08-16 16:56 ` David Laight
2018-08-16 17:15 ` James Bottomley
2018-08-16 20:31 ` David Howells
2018-08-17 0:07 ` James Bottomley
2018-08-17 8:24 ` David Howells
2018-08-17 14:58 ` James Bottomley
2018-08-17 15:42 ` Justin Forbes
2018-08-17 16:02 ` James Bottomley
2018-08-16 12:13 ` David Howells
2018-08-16 14:22 ` James Bottomley
2018-08-16 14:43 ` David Howells [this message]
2018-08-16 14:59 ` James Bottomley
2018-08-17 17:00 ` Alan Cox
2018-08-16 0:52 ` Dave Young
2018-08-16 0:55 ` Dave Young
2018-08-15 17:45 ` Linus Torvalds
2018-08-15 18:19 ` Yannik Sembritzki
2018-08-15 18:22 ` Linus Torvalds
2018-08-15 19:42 ` [PATCH 0/2] Fix kexec forbidding kernels signed with keys in the secondary keyring " Yannik Sembritzki
2018-08-16 18:02 ` Linus Torvalds
2018-08-15 19:42 ` [PATCH 1/2] " Yannik Sembritzki
2018-08-15 19:42 ` [PATCH 2/2] Replace magic for trusting the secondary keyring with #define Yannik Sembritzki
2018-08-15 21:14 ` kbuild test robot
2018-08-15 21:19 ` [PATCH 2/2] [FIXED] " Yannik Sembritzki
2018-08-15 22:01 ` Linus Torvalds
2018-08-15 22:07 ` [PATCH 2/2] [FIXED v2] " Yannik Sembritzki
2018-08-16 1:11 ` Dave Young
2018-08-16 7:43 ` Yannik Sembritzki
2018-08-16 8:02 ` Dave Young
2018-08-16 8:20 ` Greg Kroah-Hartman
2018-08-16 12:46 ` Vivek Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=25236.1534430630@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=bhe@redhat.com \
--cc=dyoung@redhat.com \
--cc=hpa@zytor.com \
--cc=jforbes@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=mjg59@google.com \
--cc=pjones@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=vgoyal@redhat.com \
--cc=x86@kernel.org \
--cc=yannik@sembritzki.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.