From: Greg KH <gregkh@linuxfoundation.org>
To: David Howells <dhowells@redhat.com>
Cc: Florian Weimer <fw@deneb.enyo.de>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Josh Boyer <jwboyer@redhat.com>, Peter Jones <pjones@redhat.com>,
Vivek Goyal <vgoyal@redhat.com>,
Kees Cook <keescook@chromium.org>,
keyrings@linux-nfs.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [GIT PULL] Load keys from signed PE binaries
Date: Tue, 26 Feb 2013 08:50:03 -0800 [thread overview]
Message-ID: <20130226165003.GA28593@kroah.com> (raw)
In-Reply-To: <4474.1361891501@warthog.procyon.org.uk>
On Tue, Feb 26, 2013 at 03:11:41PM +0000, David Howells wrote:
> Greg KH <gregkh@linuxfoundation.org> wrote:
>
> > > (6) To maintain secure boot mode, the kernel must be signed and the boot
> > > loader must check the signature on it. The key must be either compiled
> > > into the bootloader (and thus validated by the bootloader signature) or
> > > must reside in the UEFI database.
> > >
> > > [*] Note: This step is simplified a bit.
> >
> > That's all fine, and now your machine can boot both Linux and Windows
> > wonderfully. Distros have shipped code doing this for a short while now
> > thanks to Matthew's and other developer's effort in writing a UEFI
> > bootloader / shim that Microsoft has signed.
> >
> > > (7) To maintain secure boot mode, the kernel modules must be signed and the
> > > kernel must check the signature on them. The key must be compiled into
> > > the kernel or the bootloader or must reside in the UEFI database.
> >
> > Wait right here. This is NOT mandated by UEFI, nor by anyone else. It
> > might be a nice thing that some people and companies want to implement,
> > but please don't think that some external entity is requiring that Linux
> > implement this, that is not true.
>
> What's the point in having the bootloader check the signature on a kernel
> (which you say is fine) if you then permit it to be modified arbitrarily once
> it is running? If you don't have signed modules then there's no point having
> signed kernels (assuming you don't disable module loading).
I'm not saying that it isn't something nice to have, I really like
signed kernel modules. I'm saying that the key-signing of our Linux
shim bootloader is not dependant on having signed kernel modules, that's
all. This has been proven by the fact that we have gotten bootloaders
signed without having this functionality in the kernel at the time.
thanks,
greg k-h
next prev parent reply other threads:[~2013-02-26 16:50 UTC|newest]
Thread overview: 124+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-21 15:47 [GIT PULL] Load keys from signed PE binaries David Howells
2013-02-21 16:39 ` Linus Torvalds
2013-02-21 16:42 ` Matthew Garrett
2013-02-21 16:58 ` Linus Torvalds
2013-02-21 17:49 ` Matthew Garrett
2013-02-21 18:03 ` Linus Torvalds
2013-02-21 18:11 ` Matthew Garrett
2013-02-22 14:05 ` Peter Jones
2013-02-25 14:46 ` Florian Weimer
2013-02-25 15:42 ` Matthew Garrett
2013-02-25 15:50 ` Florian Weimer
2013-02-25 16:14 ` Matthew Garrett
2013-02-25 16:20 ` Chris Friesen
2013-02-26 21:40 ` Florian Weimer
2013-02-26 22:19 ` Chris Friesen
2013-02-21 18:17 ` David Howells
2013-02-21 18:25 ` Matthew Garrett
2013-02-25 14:33 ` Florian Weimer
2013-02-25 15:42 ` Matthew Garrett
2013-02-21 18:25 ` Linus Torvalds
2013-02-21 18:34 ` Peter Jones
2013-02-21 18:56 ` Linus Torvalds
2013-02-21 19:10 ` Peter Jones
2013-02-21 19:10 ` Matthew Garrett
2013-02-21 20:31 ` Vivek Goyal
2013-02-21 20:32 ` Matthew Garrett
2013-02-21 20:38 ` Vivek Goyal
2013-03-18 2:12 ` Stephen Rothwell
2013-03-19 18:11 ` David Howells
2013-03-20 16:52 ` David Howells
2013-03-20 23:28 ` Stephen Rothwell
2013-02-21 20:08 ` Theodore Ts'o
2013-02-25 14:28 ` Florian Weimer
2013-02-25 15:45 ` Matthew Garrett
2013-02-26 21:08 ` Florian Weimer
2013-02-25 23:51 ` David Howells
2013-02-26 0:59 ` Greg KH
2013-02-26 2:33 ` Matthew Garrett
2013-02-26 3:02 ` Greg KH
2013-02-26 3:13 ` Matthew Garrett
2013-02-26 3:25 ` Theodore Ts'o
2013-02-26 3:28 ` Matthew Garrett
2013-02-26 3:32 ` Linus Torvalds
2013-02-26 3:42 ` Matthew Garrett
2013-02-26 3:45 ` Linus Torvalds
2013-02-26 3:48 ` Matthew Garrett
2013-02-26 4:31 ` Linus Torvalds
2013-02-26 4:57 ` Matthew Garrett
2013-02-26 15:30 ` Vivek Goyal
2013-02-26 15:38 ` Vivek Goyal
2013-02-27 17:23 ` Eric W. Biederman
2013-02-26 21:30 ` Florian Weimer
2013-02-26 21:40 ` Peter Jones
2013-02-26 22:35 ` Al Viro
2013-02-26 3:40 ` Greg KH
2013-02-26 3:45 ` Matthew Garrett
2013-02-26 3:49 ` Theodore Ts'o
2013-02-26 19:30 ` Florian Weimer
2013-02-26 19:41 ` Matthew Garrett
2013-02-26 3:31 ` Greg KH
2013-02-26 3:38 ` Matthew Garrett
2013-02-26 3:54 ` Greg KH
2013-02-26 4:04 ` Matthew Garrett
2013-02-26 4:13 ` Greg KH
2013-02-26 4:23 ` Matthew Garrett
2013-02-26 4:43 ` Linus Torvalds
2013-02-26 4:59 ` Matthew Garrett
2013-02-26 21:57 ` Geert Uytterhoeven
2013-02-26 22:06 ` Peter Jones
2013-02-27 12:32 ` Geert Uytterhoeven
2013-02-27 12:43 ` Matthew Garrett
2013-02-27 14:14 ` Peter Jones
2013-02-26 4:25 ` Dave Airlie
2013-02-26 4:45 ` Theodore Ts'o
2013-02-26 4:55 ` Dave Airlie
2013-02-26 6:04 ` Theodore Ts'o
2013-02-26 6:38 ` Theodore Ts'o
2013-02-26 10:07 ` Raymond Jennings
2013-02-26 10:21 ` Matthew Garrett
2013-02-26 16:45 ` Kent Yoder
2013-02-26 16:54 ` Peter Jones
2013-02-27 15:24 ` Theodore Ts'o
2013-02-27 17:36 ` Chris Friesen
2013-02-27 17:59 ` Theodore Ts'o
2013-02-27 19:21 ` Chris Friesen
2013-02-27 19:34 ` Theodore Ts'o
2013-02-27 19:14 ` Paolo Bonzini
2013-02-27 21:31 ` Dave Airlie
2013-02-28 6:27 ` Geert Uytterhoeven
2013-02-28 7:48 ` Paolo Bonzini
2013-02-26 19:40 ` Florian Weimer
2013-02-26 19:46 ` Matthew Garrett
2013-02-26 4:50 ` Greg KH
2013-02-28 7:57 ` Florian Weimer
2013-02-28 15:43 ` Chris Friesen
2013-02-28 19:26 ` Florian Weimer
2013-02-28 19:30 ` Matthew Garrett
2013-02-28 19:41 ` Florian Weimer
2013-02-28 19:53 ` Matthew Garrett
2013-02-28 20:23 ` Florian Weimer
2013-02-28 20:31 ` Matthew Garrett
2013-02-26 15:11 ` David Howells
2013-02-26 16:50 ` Greg KH [this message]
2013-02-26 13:34 ` Jiri Kosina
2013-02-26 14:16 ` Raymond Jennings
2013-02-27 9:35 ` ownssh
2013-02-27 10:17 ` James Courtier-Dutton
2013-02-27 11:27 ` Alexander Holler
2013-02-27 11:49 ` James Courtier-Dutton
2013-02-27 14:56 ` Matthew Garrett
2013-02-27 20:35 ` ownssh
2013-03-01 18:21 ` Matthew Garrett
2013-03-01 18:39 ` Gene Heskett
2013-02-28 22:48 ` Jiri Kosina
2013-02-28 22:51 ` Matthew Garrett
2013-02-28 23:02 ` Jiri Kosina
2013-02-28 23:05 ` Matthew Garrett
2013-02-28 23:45 ` Jiri Kosina
2013-02-28 23:47 ` Matthew Garrett
2013-02-28 23:52 ` Jiri Kosina
2013-03-01 0:00 ` Matthew Garrett
2013-03-01 0:08 ` Jiri Kosina
2013-03-01 10:00 ` Vojtech Pavlik
2013-03-01 14:30 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130226165003.GA28593@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=dhowells@redhat.com \
--cc=fw@deneb.enyo.de \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=pjones@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox