From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg Kroah-Hartman Subject: Re: [GIT PULL] Kernel lockdown for secure boot Date: Wed, 4 Apr 2018 11:04:40 +0200 Message-ID: <20180404090440.GA24169@kroah.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: Matthew Garrett Cc: luto@kernel.org, Linus Torvalds , David Howells , Ard Biesheuvel , jmorris@namei.org, Alan Cox , Linux Kernel Mailing List , jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List , linux-api@vger.kernel.org, Kees Cook , linux-efi List-Id: linux-api@vger.kernel.org On Wed, Apr 04, 2018 at 12:19:35AM +0000, Matthew Garrett wrote: > On Tue, Apr 3, 2018 at 5:18 PM Andy Lutomirski wrote: > > > if your secure boot-enabled bootloader can't prevent a bad guy from > > using malicious kernel command line parameters, then fix it. > > How is a bootloader supposed to know what the set of malicious kernel > command line parameters is? It wouldn't, it, if it really were "secure", would not allow any command line parameters to be changed. Which is exactly what those bootloaders who "claim" to be secure do. And, just to butt in here, there is no requirement that I have ever heard of from anyone at UEFI or Microsoft that this type of "kernel feature" is a requirement to allow for a bootloader/kernel to be signed with their key. So that should take the "politics" reason off the table here, if people thought that somehow it was even a viable reason... thanks, greg k-h