From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthew Garrett Subject: Re: Trusted kernel patchset for Secure Boot lockdown Date: Fri, 14 Mar 2014 12:51:58 +0000 Message-ID: <1394801518.6416.38.camel@x230.lan> References: <1393445473-15068-1-git-send-email-matthew.garrett@nebula.com> <1394686919.25122.2.camel@x230> <1394726363.25122.16.camel@x230> <20140313212450.67f1de8e@alan.etchedpixels.co.uk> <1394746248.27846.3.camel@x230> <20140313232140.03bdaac3@alan.etchedpixels.co.uk> <1394762250.6416.24.camel@x230.lan> <20140314122231.17b9ca8a@alan.etchedpixels.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <20140314122231.17b9ca8a-mUKnrFFms3BCCTY1wZZT65JpZx93mCW/@public.gmane.org> Content-Language: en-US Content-ID: <0966C34F581DC0419EC29CD8CD81008B-HX+pjaQZbrqcE4WynfumptQqCkab/8FMAL8bYrjMMd8@public.gmane.org> Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: "gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org" Cc: "linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org" , "keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org" , "linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org" , "hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org" , "jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org" , "linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org" List-Id: linux-efi@vger.kernel.org T24gRnJpLCAyMDE0LTAzLTE0IGF0IDEyOjIyICswMDAwLCBPbmUgVGhvdXNhbmQgR25vbWVzIHdy b3RlOg0KPiA+IEhhdmUgeW91IGFjdHVhbGx5IGxvb2tlZCBhdCB0aGVzZSBwYXRjaGVzPyBJJ3Zl IGxvb2tlZCBhdCBldmVyeSBjYXNlIG9mDQo+ID4gUkFXSU8gaW4gdGhlIGtlcm5lbC4gRm9yIGNh c2VzIHRoYXQgYXJlIGhhcmR3YXJlIHNwZWNpZmljIGFuZCB0aWVkIHRvDQo+ID4gZmFpcmx5IG9s ZCBoYXJkd2FyZSwgSSd2ZSBpZ25vcmVkIHRoZW0uIEZvciBjYXNlcyB3aGljaCBwcm92aWRlIGFu DQo+IA0KPiBZZXMgSSBoYXZlIC0gYW5kIGl0J3Mgbm90IGV4YWN0bHkgbG9jYWxpc2VkOiBpdCBt b2RpZmllcyBzdHVmZiBhbGwgb3Zlcg0KPiB0aGUgdHJlZSB3aGVuIGl0IHNob3VsZG4ndCBuZWVk IHRvLiBJdCdzIGEgc2VjdXJpdHkgcG9saWN5LiBJZiBpdCBsZWFrcw0KPiBwb2xpY3kgYWxsIG92 ZXIgdGhlIGtlcm5lbCB0aGVuIHRoZSBpbXBsZW1lbnRhdGlvbiBtb2RlbCBpcyAqd3JvbmcqLg0K DQpCdXQgeW91IGtlZXAgdGFsa2luZyBhYm91dCBNU1JzIGRlc3BpdGUgdGhlcmUgYmVpbmcgYSBw YXRjaCB0aGF0IGxpbWl0cw0KYWNjZXNzIHRvIE1TUnMuIElmIHlvdSBoYXZlIHNwZWNpZmljIGV4 YW1wbGVzIG9mIHByaXZpbGVnZSBlc2NhbGF0aW9ucw0KdGhhdCBhcmUgcG9zc2libGUgZXZlbiB3 aXRoIHRoZXNlIHBhdGNoZXMgdGhlbiBwbGVhc2UsIG1lbnRpb24gdGhlbS4NCg0KPiA+ID5kZWZh dWx0IGJlaGF2aW91ciBmb3IgY2FwYWJsZSh4KSBpbiBmYWN0IGJlDQo+ID4gPg0KPiA+ID4gICAg ICAgIGNhcGFibGUoeCAmIH5zZWN1cmVfZm9yYmlkZGVuKQ0KPiA+ID4NCj4gPiA+Zm9yIGEgbWVh c3VyZWQga2VybmVsIGFuZCBhZGQgYSANCj4gPiA+DQo+ID4gPiAgICAgICAgY2FwYWJsZV9hbHdh eXMoKQ0KPiA+ID4NCj4gPiA+Zm9yIHRoZSBjYXNlcyB5b3Ugd2FudCB0byBub3QgYnJlYWsuDQo+ ID4gDQo+ID4gV2UgY291bGQgZG8gdGhhdCwgYnV0IG5vdyB0aGUgYmVoYXZpb3VyIG9mIHRoZSBw YXRjaHNldCBpcyBmYXIgbGVzcw0KPiA+IG9idmlvdXMuIGNhcGFibGUoQ0FQX1NZU19SQVdJTykg bm93IG1lYW5zIHNvbWV0aGluZyBkaWZmZXJlbnQgdG8gZXZlcnkNCj4gPiBvdGhlciB1c2Ugb2Yg Y2FwYWJsZSgpLCBhbmQgd2Ugc3RpbGwgbmVlZCBnZXRfdHJ1c3RlZF9rZXJuZWwoKSBjYWxscyBm b3INCj4gPiBjYXNlcyB3aGVyZSB0aGUgY2hlY2tzIGhhdmUgbm90aGluZyB0byBkbyB3aXRoIHBy b2Nlc3NlcyBhbmQgc28NCj4gPiBjYXBhYmlsaXRpZXMgY2FuJ3QgYmUgdXNlZC4gDQo+IA0KPiBZ b3UgZG9uJ3QgbmVlZCBnZXRfbWVhc3VyZWRfa2VybmVsKCkgY2FsbHMgYmVjYXVzZSB0aGF0cyBo aWRkZW4gd2l0aGluDQo+IGNhcGFibGUvY2FwYWJsZV9hbHdheXMuIEFuZCBpZiB0aGUgaW50ZXJh Y3Rpb24gaXMgYSBjb21wbGljYXRlZCBhcyB5b3UNCj4gaW1wbHkgdGhhdCBhZ2FpbiBzYXlzIHRv IG1lIHRoZSBtb2RlbCBpcyB3cm9uZy4gQ29tcGxpY2F0ZWQgbXVsdGktd2F5DQo+IHNlY3VyaXR5 IGludGVyYWN0aW9ucyBsZWFkIHRvIGNvbXBsaWNhdGVkIGV4cGxvaXRzIGxldmVyYWdpbmcgdGhl DQo+IGRpc2Nvbm5lY3RzLg0KDQpIb3cgaXMgY2FwYWJsZSgpIGdvaW5nIHRvIGJlIGFueSB1c2Ug d2hlbiBkZWNpZGluZyB3aGV0aGVyIG9yIG5vdCB0bw0KaW50ZXJwcmV0IHNvbWUga2VybmVsIGNv bW1hbmQgbGluZSBvcHRpb25zPw0KDQo+ID4gV2UgY2FuIGRvIHRoaXMgd2l0aG91dCB1bm5lY2Vz c2FyaWx5IGJyZWFraW5nIGFueSB1c2Vyc3BhY2UuIFdlIGp1c3QNCj4gPiBjYW4ndCBkbyBpdCBi eSBmaWRkbGluZyB3aXRoIGNhcGFiaWxpdGllcy4NCj4gDQo+IEl0IHNob3VsZCBzdGlsbCBiZSBh IHNlY3VyaXR5IG1vZGVsIG50byBzcHJlYWRpbmcgbWVhc3VyZWRfa2VybmVsKCkNCj4gY2hlY2tz IGFib3V0LiBOb3cgaWYgdGhhdCBtZWFucw0KPiANCj4gCWNhcGFibGUoQ0FQX1NZU19SQVdJTykN Cj4gDQo+IHNob3VsZCBiZWNvbWUgc2VjdXJpdHktPiBpbnRlcmZhY2UgaG9va3MgdGhhdCBwYXNz IHNvbWV0aGluZyBtZWFuaW5nZnVsDQo+IHRvIHRoZSBzZWN1cml0eSBsYXllciB0aGVuIEknZCBy YXRoZXIgd2UgZGlkIHRoZSBqb2IgcHJvcGVybHkgaW4gdGhlIGZpcnN0DQo+IHBsYWNlIGFuZCBw dXQgdGhlIHBvbGljeSBpbiBvbmUgc3BvdCBub3QgYWxsIG92ZXIgdGhlIGtlcm5lbC4NCg0KV2Ug c3RpbGwgbmVlZCBhIG1lY2hhbmlzbSB0byBkaWZmZXJlbnRpYXRlIGJldHdlZW4gY2FzZXMgd2hl cmUNCkNBUF9TWVNfUkFXSU8gc2hvdWxkIGJlIGZvcmJpZGRlbiBhbmQgY2FzZXMgd2hlcmUgaXQg c2hvdWxkIGJlDQpwZXJtaXR0ZWQsIHdoaWNoIG1lYW5zIHRoYXQgd2UgbmVlZCB0byBhZGQgYWRk aXRpb25hbCBwb2xpY3kuIFdlIGNhbg0KbW9kaWZ5IGNhcGFibGUoKSwgYnV0IHRoYXQgbWVhbnMg dGhhdCBjYXBhYmxlKCkgbm8gbG9uZ2VyIGRvZXMgd2hhdCB5b3UNCmV4cGVjdCBpdCB0byAtIGl0 J3Mgbm90IGEgdHJhbnNwYXJlbnQgaW50ZXJmYWNlLCBhbmQgdGhhdCdzIGxpa2VseSB0bw0KcmVz dWx0IGluIHBlb3BsZSBhY2NpZGVudGFsbHkgbWlzdXNpbmcgaXQuDQoNCj4gVGhlIHF1ZXN0aW9u IHRoZW4gYmVjb21lcyB3aGF0IGRvIHdlIG5lZWQgdG8gcGFzcyBiZXlvbmQgIkNBUF9TWVNfUkFX SU8iDQo+IHNvIHRoZSBwb2xpY3kgY2FuIGJlIGluIHRoZSByaWdodCBwbGFjZSAtIGV2ZW4gZm9y IGV4YW1wbGUgaW1wb3NlZCBieQ0KPiBTRUxpbnV4IHJ1bGVzLg0KDQpJdCBuZWVkcyB0byBiZSBw b3NzaWJsZSBmb3IgdGhpcyBwb2xpY3kgdG8gYmUgaW1wb3NlZCB3aXRob3V0IHVzZXJzcGFjZQ0K YmVpbmcgaW52b2x2ZWQsIHNvIHVzaW5nIHNlbGludXggd291bGQgbWVhbiBiYWtpbmcgaXQgaW50 byB0aGUga2VybmVsDQooYWxvbmcgd2l0aCBhbiBhZGRpdGlvbmFsIGltcGxlbWVudGF0aW9uIGZv ciBhcHBhcm1vciwgYW5kIHByZXN1bWFibHkNCm9uZSBmb3IgdG9tb3lvIGFzIHdlbGwpLg0KDQo+ IA0KPiA+ID4gSSBkb24ndCB0aGluayB3ZSBuZWVkIHRvIGJyZWFrIGFueSB1c2Vyc3BhY2UgZm9y ICJub3JtYWwiIG1vZGUgdG8gZG8NCj4gPiA+IHRoaXMuIFVzZXJzcGFjZSBpbiBtZWFzdXJlZCBt b2RlIGlzIGdvaW5nIHRvIGNoYW5nZSBhbnl3YXkuIEl0IGFscmVhZHkNCj4gPiA+IGhhcyBqdXN0 IGZvciB0aGluZ3MgbGlrZSBtb2R1bGUgc2lnbmluZy4NCj4gPiANCj4gPiBUaGlzIGhhcyBiZWVu IGRpc2N1c3NlZCBhdCBsZW5ndGguIE5vYm9keSB3aG8ncyBhY3R1YWxseSBzcGVudCB0aW1lDQo+ ID4gd29ya2luZyBvbiB0aGUgcHJvYmxlbSB3YW50cyB0byB1c2UgY2FwYWJpbGl0aWVzLiBDQVBf U1lTX1JBV0lPIGlzIG5vdA0KPiA+IHNlbWFudGljYWxseSBpZGVudGljYWwgdG8gdGhlIHRydXN0 ZWQga2VybmVsIGJpdC4gVHJ5aW5nIHRvIG1ha2UgdGhlbQ0KPiA+IHNlbWFudGljYWxseSBpZGVu dGljYWwgd2lsbCBicmVhayBleGlzdGluZyB1c2Vyc3BhY2UuDQo+IA0KPiBJIG5ldmVyIHNhaWQg aXQgd2FzLiBJIHNhaWQgdGhhdCBnZXR0aW5nIHJpZCBvZiBDQVBfU1lTX1JBV0lPIGFuZCB0aGVu DQo+IGRlYWxpbmcgd2l0aCAqanVzdCogdGhlIGV4Y2VwdGlvbnMgdG8gdGhpcyBpcyBhIGxvdCBj bGVhbmVyLCBhbmQgbGlrZWx5DQo+IHRvIGJlIG1vcmUgc2VjdXJlLg0KDQpBbmQgd2lsbCBnaXZl IHVzIHRoZSBjaG9pY2UgYmV0d2VlbiBjb21wbGljYXRpbmcgYSBzaW1wbGUgaW50ZXJmYWNlIG9y DQpicmVha2luZyB1c2Vyc3BhY2UuIElmIHRoZSBtYWludGFpbmVyIGJlbGlldmVzIHRoYXQncyBh IGJldHRlciBhcHByb2FjaA0KdGhlbiBJIGNhbiByZXdyaXRlIGFsbCBvZiB0aGlzIGFnYWluLCBi dXQgc28gZmFyIHlvdSBzZWVtIHRvIGJlIGluIGENCm1pbm9yaXR5IG9uIHRoaXMgZnJvbnQuIA0K DQo+IEluIGFkZGl0aW9uIHNldmVyYWwgb2YgdGhlIGNhc2VzIHRoYXQgeW91IHBvaW50IG91dCBj b3VsZCBiZSBmaXhlZCBieQ0KPiByZXBsYWNpbmcgdGhlIENBUF9TWVNfUkFXSU8gdXNpbmcgc3R1 ZmYgd2l0aCBhIHByb3BlciBpbnRlcmZhY2Ugc2hvdWxkDQo+IHByb2JhYmx5IGp1c3QgYmUgKmZp eGVkKiB0byBwcm92aWRlIHRoYXQuDQoNCi4uLnRodXMgYnJlYWtpbmcgdXNlcnNwYWNlIG91dHNp ZGUgdGhpcyB1c2UgY2FzZS4gSSBtZWFuLCBzdXJlLCBJJ20NCmFic29sdXRlbHkgZmluZSB3aXRo IGRlbGV0aW5nIC9kZXYvbWVtIGVudGlyZWx5LiBJIGRvbid0IHNlZSBMaW51cw0KYWdyZWVpbmcu DQoNCi0tIA0KTWF0dGhldyBHYXJyZXR0IDxtYXR0aGV3LmdhcnJldHRAbmVidWxhLmNvbT4NCg==