From: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
To: Matthew Garrett
<matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 0/2] Secure Boot: More controversial changes
Date: Mon, 28 Jan 2013 18:05:56 -0800 [thread overview]
Message-ID: <51072E84.4080509@zytor.com> (raw)
In-Reply-To: <1359391662-26120-1-git-send-email-matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
On 01/28/2013 08:47 AM, Matthew Garrett wrote:
> These patches break functionality that people rely on without providing
> any functional equivalent, so I'm not suggesting that they be merged
> as-is. kexec allows trivial circumvention of the trust model (it's
> trivially equivalent to permitting module loading, for instance) and
> hibernation allows similar attacks (disable swap, write a pre-formed resume
> image to swap, reboot). The hibernation patch also shows up a different
> issue - some userspace drops all capabilities, resulting in things that
> userspace expects to work no longer working. This seems like an
> unsurprising result, but breaking userspace is bad and so it'd be nice to
> figure out if there's another way to handle this.
These at the very least need some kind of CONFIG_WEAK_SECURE_BOOT option
or something like that.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
WARNING: multiple messages have this Message-ID (diff)
From: "H. Peter Anvin" <hpa@zytor.com>
To: Matthew Garrett <matthew.garrett@nebula.com>
Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH 0/2] Secure Boot: More controversial changes
Date: Mon, 28 Jan 2013 18:05:56 -0800 [thread overview]
Message-ID: <51072E84.4080509@zytor.com> (raw)
In-Reply-To: <1359391662-26120-1-git-send-email-matthew.garrett@nebula.com>
On 01/28/2013 08:47 AM, Matthew Garrett wrote:
> These patches break functionality that people rely on without providing
> any functional equivalent, so I'm not suggesting that they be merged
> as-is. kexec allows trivial circumvention of the trust model (it's
> trivially equivalent to permitting module loading, for instance) and
> hibernation allows similar attacks (disable swap, write a pre-formed resume
> image to swap, reboot). The hibernation patch also shows up a different
> issue - some userspace drops all capabilities, resulting in things that
> userspace expects to work no longer working. This seems like an
> unsurprising result, but breaking userspace is bad and so it'd be nice to
> figure out if there's another way to handle this.
These at the very least need some kind of CONFIG_WEAK_SECURE_BOOT option
or something like that.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
next prev parent reply other threads:[~2013-01-29 2:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-28 16:47 [PATCH 0/2] Secure Boot: More controversial changes Matthew Garrett
2013-01-28 16:47 ` [PATCH 1/2] kexec: Disable in a secure boot environment Matthew Garrett
2013-01-28 16:47 ` [PATCH 2/2] hibernate: Disable in a Secure Boot environment Matthew Garrett
[not found] ` <1359391662-26120-1-git-send-email-matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
2013-01-29 2:05 ` H. Peter Anvin [this message]
2013-01-29 2:05 ` [PATCH 0/2] Secure Boot: More controversial changes H. Peter Anvin
[not found] ` <51072E84.4080509-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2013-01-29 4:40 ` Matthew Garrett
2013-01-29 4:40 ` Matthew Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51072E84.4080509@zytor.com \
--to=hpa-ymnouzjc4hwavxtiumwx3w@public.gmane.org \
--cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.