From: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
To: Matthew Garrett
<matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 0/2] Secure Boot: More controversial changes
Date: Mon, 28 Jan 2013 18:05:56 -0800 [thread overview]
Message-ID: <51072E84.4080509@zytor.com> (raw)
In-Reply-To: <1359391662-26120-1-git-send-email-matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
On 01/28/2013 08:47 AM, Matthew Garrett wrote:
> These patches break functionality that people rely on without providing
> any functional equivalent, so I'm not suggesting that they be merged
> as-is. kexec allows trivial circumvention of the trust model (it's
> trivially equivalent to permitting module loading, for instance) and
> hibernation allows similar attacks (disable swap, write a pre-formed resume
> image to swap, reboot). The hibernation patch also shows up a different
> issue - some userspace drops all capabilities, resulting in things that
> userspace expects to work no longer working. This seems like an
> unsurprising result, but breaking userspace is bad and so it'd be nice to
> figure out if there's another way to handle this.
These at the very least need some kind of CONFIG_WEAK_SECURE_BOOT option
or something like that.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
next prev parent reply other threads:[~2013-01-29 2:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-28 16:47 [PATCH 0/2] Secure Boot: More controversial changes Matthew Garrett
2013-01-28 16:47 ` [PATCH 1/2] kexec: Disable in a secure boot environment Matthew Garrett
2013-01-28 16:47 ` [PATCH 2/2] hibernate: Disable in a Secure Boot environment Matthew Garrett
[not found] ` <1359391662-26120-1-git-send-email-matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
2013-01-29 2:05 ` H. Peter Anvin [this message]
[not found] ` <51072E84.4080509-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2013-01-29 4:40 ` [PATCH 0/2] Secure Boot: More controversial changes Matthew Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51072E84.4080509@zytor.com \
--to=hpa-ymnouzjc4hwavxtiumwx3w@public.gmane.org \
--cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).