From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
David Howells <dhowells@redhat.com>,
Josh Boyer <jwboyer@redhat.com>, Peter Jones <pjones@redhat.com>,
Vivek Goyal <vgoyal@redhat.com>,
Kees Cook <keescook@chromium.org>,
keyrings@linux-nfs.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [GIT PULL] Load keys from signed PE binaries
Date: Mon, 25 Feb 2013 15:45:49 +0000 [thread overview]
Message-ID: <20130225154549.GD13605@srcf.ucam.org> (raw)
In-Reply-To: <87ppzo79in.fsf@mid.deneb.enyo.de>
On Mon, Feb 25, 2013 at 03:28:32PM +0100, Florian Weimer wrote:
> But what puzzles me most is why anyone would assume that the UEFI
> application signing process somehow ensures that the embedded
> certificate is non-malicious. We cannot even track it back to the
> submitter because the third-pary market place UEFI authority only
> issues pseudonymous proxy certificates. This utterly useless for any
> purpose whatsoever, with the notable exception of avoding one
> additional step when setting up a dual-boot machine (which will not
> even work reliably until we switch to overwriting the Windows boot
> loader, like in the pre-UEFI days).
If your firmware trusts objects signed by Microsoft, you have to assume
that objects signed by Microsoft are trustworthy. There's no way to
build a security model otherwise. Are Microsoft trustworthy? We don't
know. If you don't trust Microsoft, remove their key from db.
> Seriously, folks, can we go back one step and discuss what problem you
> are trying to solve? Is it about allowing third-party kernel modules
> in an environment which does not allow unsigned ring 0 code execution?
The problem I'm trying to solve is "Don't permit Linux to be used as a
bootloader for backdoored versions of other operating systems". Any
other security benefit is a happy side effect.
--
Matthew Garrett | mjg59@srcf.ucam.org
next prev parent reply other threads:[~2013-02-25 15:45 UTC|newest]
Thread overview: 124+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-21 15:47 [GIT PULL] Load keys from signed PE binaries David Howells
2013-02-21 16:39 ` Linus Torvalds
2013-02-21 16:42 ` Matthew Garrett
2013-02-21 16:58 ` Linus Torvalds
2013-02-21 17:49 ` Matthew Garrett
2013-02-21 18:03 ` Linus Torvalds
2013-02-21 18:11 ` Matthew Garrett
2013-02-22 14:05 ` Peter Jones
2013-02-25 14:46 ` Florian Weimer
2013-02-25 15:42 ` Matthew Garrett
2013-02-25 15:50 ` Florian Weimer
2013-02-25 16:14 ` Matthew Garrett
2013-02-25 16:20 ` Chris Friesen
2013-02-26 21:40 ` Florian Weimer
2013-02-26 22:19 ` Chris Friesen
2013-02-21 18:17 ` David Howells
2013-02-21 18:25 ` Matthew Garrett
2013-02-25 14:33 ` Florian Weimer
2013-02-25 15:42 ` Matthew Garrett
2013-02-21 18:25 ` Linus Torvalds
2013-02-21 18:34 ` Peter Jones
2013-02-21 18:56 ` Linus Torvalds
2013-02-21 19:10 ` Peter Jones
2013-02-21 19:10 ` Matthew Garrett
2013-02-21 20:31 ` Vivek Goyal
2013-02-21 20:32 ` Matthew Garrett
2013-02-21 20:38 ` Vivek Goyal
2013-03-18 2:12 ` Stephen Rothwell
2013-03-19 18:11 ` David Howells
2013-03-20 16:52 ` David Howells
2013-03-20 23:28 ` Stephen Rothwell
2013-02-21 20:08 ` Theodore Ts'o
2013-02-25 14:28 ` Florian Weimer
2013-02-25 15:45 ` Matthew Garrett [this message]
2013-02-26 21:08 ` Florian Weimer
2013-02-25 23:51 ` David Howells
2013-02-26 0:59 ` Greg KH
2013-02-26 2:33 ` Matthew Garrett
2013-02-26 3:02 ` Greg KH
2013-02-26 3:13 ` Matthew Garrett
2013-02-26 3:25 ` Theodore Ts'o
2013-02-26 3:28 ` Matthew Garrett
2013-02-26 3:32 ` Linus Torvalds
2013-02-26 3:42 ` Matthew Garrett
2013-02-26 3:45 ` Linus Torvalds
2013-02-26 3:48 ` Matthew Garrett
2013-02-26 4:31 ` Linus Torvalds
2013-02-26 4:57 ` Matthew Garrett
2013-02-26 15:30 ` Vivek Goyal
2013-02-26 15:38 ` Vivek Goyal
2013-02-27 17:23 ` Eric W. Biederman
2013-02-26 21:30 ` Florian Weimer
2013-02-26 21:40 ` Peter Jones
2013-02-26 22:35 ` Al Viro
2013-02-26 3:40 ` Greg KH
2013-02-26 3:45 ` Matthew Garrett
2013-02-26 3:49 ` Theodore Ts'o
2013-02-26 19:30 ` Florian Weimer
2013-02-26 19:41 ` Matthew Garrett
2013-02-26 3:31 ` Greg KH
2013-02-26 3:38 ` Matthew Garrett
2013-02-26 3:54 ` Greg KH
2013-02-26 4:04 ` Matthew Garrett
2013-02-26 4:13 ` Greg KH
2013-02-26 4:23 ` Matthew Garrett
2013-02-26 4:43 ` Linus Torvalds
2013-02-26 4:59 ` Matthew Garrett
2013-02-26 21:57 ` Geert Uytterhoeven
2013-02-26 22:06 ` Peter Jones
2013-02-27 12:32 ` Geert Uytterhoeven
2013-02-27 12:43 ` Matthew Garrett
2013-02-27 14:14 ` Peter Jones
2013-02-26 4:25 ` Dave Airlie
2013-02-26 4:45 ` Theodore Ts'o
2013-02-26 4:55 ` Dave Airlie
2013-02-26 6:04 ` Theodore Ts'o
2013-02-26 6:38 ` Theodore Ts'o
2013-02-26 10:07 ` Raymond Jennings
2013-02-26 10:21 ` Matthew Garrett
2013-02-26 16:45 ` Kent Yoder
2013-02-26 16:54 ` Peter Jones
2013-02-27 15:24 ` Theodore Ts'o
2013-02-27 17:36 ` Chris Friesen
2013-02-27 17:59 ` Theodore Ts'o
2013-02-27 19:21 ` Chris Friesen
2013-02-27 19:34 ` Theodore Ts'o
2013-02-27 19:14 ` Paolo Bonzini
2013-02-27 21:31 ` Dave Airlie
2013-02-28 6:27 ` Geert Uytterhoeven
2013-02-28 7:48 ` Paolo Bonzini
2013-02-26 19:40 ` Florian Weimer
2013-02-26 19:46 ` Matthew Garrett
2013-02-26 4:50 ` Greg KH
2013-02-28 7:57 ` Florian Weimer
2013-02-28 15:43 ` Chris Friesen
2013-02-28 19:26 ` Florian Weimer
2013-02-28 19:30 ` Matthew Garrett
2013-02-28 19:41 ` Florian Weimer
2013-02-28 19:53 ` Matthew Garrett
2013-02-28 20:23 ` Florian Weimer
2013-02-28 20:31 ` Matthew Garrett
2013-02-26 15:11 ` David Howells
2013-02-26 16:50 ` Greg KH
2013-02-26 13:34 ` Jiri Kosina
2013-02-26 14:16 ` Raymond Jennings
2013-02-27 9:35 ` ownssh
2013-02-27 10:17 ` James Courtier-Dutton
2013-02-27 11:27 ` Alexander Holler
2013-02-27 11:49 ` James Courtier-Dutton
2013-02-27 14:56 ` Matthew Garrett
2013-02-27 20:35 ` ownssh
2013-03-01 18:21 ` Matthew Garrett
2013-03-01 18:39 ` Gene Heskett
2013-02-28 22:48 ` Jiri Kosina
2013-02-28 22:51 ` Matthew Garrett
2013-02-28 23:02 ` Jiri Kosina
2013-02-28 23:05 ` Matthew Garrett
2013-02-28 23:45 ` Jiri Kosina
2013-02-28 23:47 ` Matthew Garrett
2013-02-28 23:52 ` Jiri Kosina
2013-03-01 0:00 ` Matthew Garrett
2013-03-01 0:08 ` Jiri Kosina
2013-03-01 10:00 ` Vojtech Pavlik
2013-03-01 14:30 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130225154549.GD13605@srcf.ucam.org \
--to=mjg59@srcf.ucam.org \
--cc=dhowells@redhat.com \
--cc=fw@deneb.enyo.de \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pjones@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox