From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752881AbcAVB6O (ORCPT <rfc822;w@1wt.eu>);
	Thu, 21 Jan 2016 20:58:14 -0500
Received: from mx2.suse.de ([195.135.220.15]:37356 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752069AbcAVB6G (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Thu, 21 Jan 2016 20:58:06 -0500
Date: Fri, 22 Jan 2016 02:58:01 +0100
From: "Luis R. Rodriguez" <mcgrof@suse.com>
To: Kees Cook <keescook@chromium.org>, Greg KH <gregkh@linuxfoundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: "Luis R. Rodriguez" <mcgrof@do-not-panic.com>,
        Ming Lei <ming.lei@canonical.com>,
        Josh Boyer <jwboyer@fedoraproject.org>,
        Johannes Berg <johannes@sipsolutions.net>,
        Andy Lutomirski <luto@amacapital.net>,
        Jonathan Corbet <corbet@lwn.net>,
        David Woodhouse <dwmw2@infradead.org>,
        David Howells <dhowells@redhat.com>,
        Seth Forshee <seth.forshee@canonical.com>,
        Rusty Russell <rusty@rustcorp.com.au>, Michal Marek <mmarek@suse.cz>,
        Matthew Garrett <mjg59@srcf.ucam.org>, Kyle McMartin <kyle@kernel.org>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
        Vivek Goyal <vgoyal@redhat.com>,
        Brian Norris <computersforpeace@gmail.com>,
        Shuah Khan <shuahkh@osg.samsung.com>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        keyrings@linux-nfs.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 5/5] firmware: add an extensible system data helpers
Message-ID: <20160122015801.GW20964@wotan.suse.de>
References: <1450906497-24179-1-git-send-email-mcgrof@do-not-panic.com>
 <1450906497-24179-6-git-send-email-mcgrof@do-not-panic.com>
 <CAGXu5jJVNc61WF9nFZKbU6VUZrbRbSD8e1=w5FQmdSmFu7_1vA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAGXu5jJVNc61WF9nFZKbU6VUZrbRbSD8e1=w5FQmdSmFu7_1vA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jan 04, 2016 at 12:31:58PM -0800, Kees Cook wrote:
> On Wed, Dec 23, 2015 at 1:34 PM, Luis R. Rodriguez
> <mcgrof@do-not-panic.com> wrote:
> > In order to try to help phase out user mode helpers this makes no use of
> > the old user mode helper code *at all*, and if we wish to can easily
> > phase this code out with time then.
> 
> So these are basically wrappers around the existing firmware loading routines?

No, Greg has noted we cannot get rid of the usermode helper [0]. In fact at
kernel summit he mentioned there are a series of upcoming valid users who seem
to *want* it.  Even Linus has called for deprecating the usermode helper [1]
entirely if possible. This work tries to enable such prospects despite some
needing the usermode helper by enabling callers that *need* the usermode helper
to use the crappy usermode helper and letting us slowly dig that into a dark
corner. This paves the path with a shiny extensible API with prospects of
future features (fw signingin will be one) without use of the usermode helper
at all, the extensible API enables new extensions by avoiding unnecessary
collateral evolutions as this code / features get added. This provides a clean
an way to enable folks who do wish to deprecate and the usermode helper to do
so and provides carrots for doing that.
 
[0] https://marc.info/?i=20151006090821.GB9030%40kroah.com
[1] https://marc.info/?l=linux-kernel&m=144095832412928

  Luis