From: Andy Lutomirski <luto@kernel.org>
To: Matthew Garrett <mjg59@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Lutomirski <luto@kernel.org>,
David Howells <dhowells@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
James Morris <jmorris@namei.org>,
Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Justin Forbes <jforbes@redhat.com>,
linux-man <linux-man@vger.kernel.org>, joeyli <jlee@suse.com>,
LSM List <linux-security-module@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Kees Cook <keescook@chromium.org>,
linux-efi <linux-efi@vger.kernel.org>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
Date: Tue, 3 Apr 2018 15:53:04 -0700 [thread overview]
Message-ID: <CALCETrXC-mL07YvGrvqaUQrbv+3fv2G9rGuQoMohaxG=QUQn2g@mail.gmail.com> (raw)
In-Reply-To: <CACdnJusSfwULV-ubvgtYd8G_cTF4LnJ4DAeTCux4XRhHKVpBUw@mail.gmail.com>
On Tue, Apr 3, 2018 at 3:51 PM, Matthew Garrett <mjg59@google.com> wrote:
> On Tue, Apr 3, 2018 at 3:46 PM Linus Torvalds
> <torvalds@linux-foundation.org>
> wrote:
>
>> For example, I love signed kernel modules. The fact that I love them
>> has absolutely zero to do with secure boot, though. There is
>> absolutely no linkage between the two issues: I use (self-)signed
>> kernel modules simply because I think it's a good thing in general.
>
>> The same thing is true of some lockdown patch. Maybe it's a good thing
>> in general. But whether it's a good thing is _entirely_ independent of
>> any secure boot issue. I can see using secure boot without it, but I
>> can very much also see using lockdown without secure boot.
>
>> The two things are simply entirely orthogonal. They have _zero_
>> overlap. I'm not seeing why they'd be linked at all in any way.
>
> Lockdown is clearly useful without Secure Boot (and I intend to deploy it
> that way for various things), but I still don't understand why you feel
> that the common case of booting a kernel from a boot chain that's widely
> trusted derives no benefit from it being harder to subvert that kernel into
> subverting that boot chain. For cases where you're self-signing and feel
> happy about that, you just set CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT to n and
> everyone's happy?
I would like to see distros that want Secure Boot to annoy users by
enabling Lockdown be honest about the fact that it's an annoyance and
adds very little value by having to carry a patch that was rejected by
the upstream kernel.
-Andy
next prev parent reply other threads:[~2018-04-03 22:53 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4136.1522452584@warthog.procyon.org.uk>
[not found] ` <alpine.LRH.2.21.1803311145180.7769@namei.org>
2018-04-03 0:37 ` [GIT PULL] Kernel lockdown for secure boot Andy Lutomirski
2018-04-03 0:59 ` Kees Cook
2018-04-03 1:47 ` Andy Lutomirski
2018-04-03 7:06 ` David Howells
2018-04-03 15:11 ` Andy Lutomirski
2018-04-03 15:41 ` Alexei Starovoitov
2018-04-03 16:26 ` Andy Lutomirski
2018-04-03 16:29 ` Matthew Garrett
2018-04-03 16:45 ` Andy Lutomirski
[not found] ` <CAGXu5j+CyVXEvsMarJjBwaNh7poVZtmit5PGmQM9rKKqZPqVXg@mail.gmail.com>
2018-04-03 19:01 ` Andy Lutomirski
2018-04-03 19:07 ` Kees Cook
2018-04-03 19:29 ` Matthew Garrett
2018-04-03 21:51 ` Andy Lutomirski
2018-04-04 18:42 ` Peter Jones
2018-04-04 20:01 ` Thomas Gleixner
2018-04-04 20:18 ` Matthew Garrett
2018-04-05 18:47 ` Andy Lutomirski
2018-04-06 4:42 ` Peter Dolding
2018-04-03 17:16 ` David Howells
2018-04-03 19:01 ` Andy Lutomirski
2018-04-03 19:49 ` David Howells
2018-04-03 21:58 ` Andy Lutomirski
2018-04-03 22:32 ` David Howells
2018-04-03 22:39 ` Andy Lutomirski
2018-04-03 22:46 ` Linus Torvalds
2018-04-03 22:51 ` Matthew Garrett
2018-04-03 22:53 ` Andy Lutomirski [this message]
2018-04-03 23:09 ` Matthew Garrett
2018-04-03 23:08 ` Linus Torvalds
2018-04-03 23:10 ` Linus Torvalds
2018-04-03 23:17 ` Matthew Garrett
2018-04-03 23:26 ` Linus Torvalds
2018-04-03 23:39 ` Linus Torvalds
2018-04-03 23:47 ` Matthew Garrett
2018-04-04 0:02 ` Linus Torvalds
2018-04-04 0:04 ` Matthew Garrett
2018-04-04 0:08 ` Linus Torvalds
2018-04-04 0:12 ` Matthew Garrett
2018-04-05 14:58 ` Alan Cox
2018-04-04 0:22 ` David Howells
2018-04-05 17:59 ` Alan Cox
2018-04-05 18:03 ` Matthew Garrett
2018-04-03 23:45 ` Matthew Garrett
2018-04-03 23:55 ` Linus Torvalds
2018-04-03 23:59 ` Matthew Garrett
2018-04-04 0:06 ` Linus Torvalds
2018-04-04 0:10 ` Matthew Garrett
2018-04-04 0:15 ` Linus Torvalds
2018-04-04 0:16 ` Matthew Garrett
2018-04-04 0:18 ` Andy Lutomirski
2018-04-04 0:19 ` Matthew Garrett
2018-04-04 9:04 ` Greg Kroah-Hartman
2018-04-04 0:25 ` Linus Torvalds
2018-04-04 0:33 ` Linus Torvalds
2018-04-04 0:46 ` Matthew Garrett
2018-04-04 0:56 ` Linus Torvalds
2018-04-04 1:13 ` Matthew Garrett
2018-04-04 1:43 ` Linus Torvalds
2018-04-04 4:30 ` Matthew Garrett
2018-04-04 12:57 ` Theodore Y. Ts'o
2018-04-04 13:02 ` Greg Kroah-Hartman
2018-04-04 13:34 ` Theodore Y. Ts'o
2018-04-04 13:57 ` Greg Kroah-Hartman
2018-04-04 13:29 ` Mike Galbraith
2018-04-04 16:20 ` Matthew Garrett
2018-04-08 22:00 ` Pavel Machek
2018-04-04 13:33 ` David Howells
2018-04-04 13:52 ` Theodore Y. Ts'o
2018-04-04 16:22 ` Matthew Garrett
2018-04-04 16:39 ` Andy Lutomirski
2018-04-04 16:42 ` Matthew Garrett
2018-04-04 16:46 ` Justin Forbes
2018-04-05 0:05 ` Peter Dolding
2018-04-05 0:20 ` Matthew Garrett
2018-04-04 13:57 ` David Howells
2018-04-04 16:09 ` Linus Torvalds
2018-04-04 16:17 ` Matthew Garrett
2018-04-04 6:56 ` Peter Dolding
2018-04-04 16:26 ` Matthew Garrett
2018-04-05 1:28 ` Peter Dolding
2018-04-04 1:36 ` Justin Forbes
[not found] ` <CAFbkSA0ursG3RGWU19LQiD6u30h5V=Aqj3oVyHQCiX6MLopYUg@mail.gmail.com>
2018-04-04 1:58 ` Linus Torvalds
2018-04-04 0:17 ` Jann Horn
2018-04-04 0:23 ` Andy Lutomirski
2018-04-04 8:05 ` David Howells
2018-04-04 14:35 ` Andy Lutomirski
2018-04-04 14:44 ` David Howells
2018-04-04 15:43 ` Eric W. Biederman
2018-04-03 23:56 ` David Howells
2018-04-03 23:58 ` Linus Torvalds
2018-04-03 23:39 ` David Howells
2018-04-03 23:48 ` Andy Lutomirski
2018-04-08 8:23 ` Pavel Machek
2018-04-03 23:12 ` David Howells
2018-04-03 23:27 ` Linus Torvalds
2018-04-03 23:42 ` Andy Lutomirski
2018-04-03 20:53 ` Linus Torvalds
2018-04-03 20:54 ` Matthew Garrett
2018-04-03 21:01 ` Linus Torvalds
2018-04-03 21:08 ` Matthew Garrett
2018-04-03 21:21 ` Al Viro
2018-04-03 21:37 ` Matthew Garrett
2018-04-03 21:26 ` Linus Torvalds
2018-04-03 21:32 ` Matthew Garrett
2018-04-08 8:10 ` Pavel Machek
2018-04-04 2:34 Alexei Starovoitov
2018-04-04 4:31 ` Matthew Garrett
2018-04-08 7:44 ` joeyli
2018-04-08 8:07 ` joeyli
2018-04-09 3:40 ` Alexei Starovoitov
2018-04-09 8:14 ` Daniel Borkmann
2018-04-09 13:55 ` joeyli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALCETrXC-mL07YvGrvqaUQrbv+3fv2G9rGuQoMohaxG=QUQn2g@mail.gmail.com' \
--to=luto@kernel.org \
--cc=ard.biesheuvel@linaro.org \
--cc=dhowells@redhat.com \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jforbes@redhat.com \
--cc=jlee@suse.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mjg59@google.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).