From: Greg KH <gregkh@linuxfoundation.org>
To: Luca Boccassi <bluca@debian.org>
Cc: "Daniel P. Berrangé" <berrange@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Emanuele Giuseppe Esposito" <eesposit@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, "Thomas Gleixner" <tglx@linutronix.de>,
lennart@poettering.net, "Ingo Molnar" <mingo@redhat.com>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage
Date: Sun, 16 Jul 2023 20:28:10 +0200 [thread overview]
Message-ID: <2023071643-broiler-level-afbf@gregkh> (raw)
In-Reply-To: <CAMw=ZnROWgDOiAr1iikTWa7Qm81HoE17NuEdLt8hwGnkKSnoCg@mail.gmail.com>
On Sun, Jul 16, 2023 at 06:41:04PM +0100, Luca Boccassi wrote:
> On Sat, 15 Jul 2023 at 07:52, Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Fri, Jul 14, 2023 at 01:29:20AM +0100, Luca Boccassi wrote:
> > > On Thu, 13 Jul 2023 at 07:09, Greg KH <gregkh@linuxfoundation.org> wrote:
> > > >
> > > > On Wed, Jul 12, 2023 at 10:50:45PM +0100, Luca Boccassi wrote:
> > > > > > Who is going to be responsible for determining that this number needs to
> > > > > > be updated?
> > > > >
> > > > > Most likely those who understand the problem space - largely the group
> > > > > of people maintaining the EFI stack, with various inputs, I imagine.
> > > > > That's how it currently works for various bootloaders.
> > > >
> > > > We need specifics and to have people agree to do this, otherwise, again,
> > > > this patch is useless.
> > >
> > > Not really, as this is about mechanism, not process.
> >
> > And this right here is why everyone is both so mad at this patch from
> > our side, and so confused about patch from the developer's side.
> >
> > To think that "let's add a security canary to the kernel image" is
> > anything other than a process issue, shows a lack of understanding about
> > exactly how the kernel is released, how the existing kernel security
> > response team works, and who does any of this work. To ignore that
> > means that there is no way in the world this can ever be accepted.
>
> This _question_ was about mechanism, not process. As already
> mentioned, nobody asked you to sign up for any extra work.
And that is the disconnect. To think that this magic "security canary
number" is somehow not going to affect my work is not correct. See
below for details...
> > > > > > How long will this feature have to be maintained?
> > > > >
> > > > > Until something else supplants EFI, I'd imagine
> > > >
> > > > So 40+ years, great, who is going to fund that?
> > >
> > > Who funds EFI work?
> >
> > UEFI the spec is funded by various companies (Intel, et-all). So you
> > are saying that these companies also need to do this development too?
> > Have you got them to agree to this? If so, great, let's get their
> > signed-off-by on it please.
> >
> > Otherwise you all are saying "someone else will do all of this process
> > work", which frankly, is totally insulting to those of us who _do_ do
> > all of the process work for security issues and kernel releases.
>
> Nobody asked you to do any process work.
Great, so who will be doing this process work?
Seriously, we have to know this before we could accept this type of
thing. To not do so would mean this value means nothing.
> > > > > > We have a plethora of kernel changes in our history to learn from here,
> > > > > > please do so and show how this will affect us going forward based on our
> > > > > > past, otherwise we have no way of knowing how any of this is going to
> > > > > > work.
> > > > >
> > > > > I am not aware of anything similar enough, but please do point those
> > > > > out if you are.
> > > >
> > > > Audit our past history and document when the number would have changed
> > > > please.
> > >
> > > Sure, where do I send the invoice?
> >
> > If you are not willing to take the time to determine how this proposed
> > change will affect the kernel developers and infrastructure by doing
> > some modeling based on our past history, then we have no reason to even
> > consider accepting this change as you are stating that you have no idea
> > how it will affect us.
>
> There's no need for that to tell you how this will affect you: it will
> not. Every now and then you'll receive a one-liner patch to apply.
> What's so terrible about that?
And who will be sending that to me? For what releases? For how long
will they be agreeing to do this work for? How will it be tracked?
What will they be using to determine when the number will be changed?
How will they know it should be changed?
None of this has been answered, and that's the real issue here. This
"magic number" is saying it is going to reflect some specific "security
issue" yet no one is saying how those issues are going to be determined,
or anything else about it.
Again, as I've repeated numerous times, tell us how often this number
would have changed in the past X years to give us an idea of how you
will be changing it going forward. To not provide any of this means
this patch adding this magic number means nothing as no one knows what
it actually means.
thanks,
greg k-h
next prev parent reply other threads:[~2023-07-16 18:28 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-11 15:44 [RFC PATCH v2] x86/boot: add .sbat section to the bzImage Emanuele Giuseppe Esposito
2023-07-12 1:21 ` H. Peter Anvin
2023-07-12 1:33 ` H. Peter Anvin
2023-07-12 6:19 ` Emanuele Giuseppe Esposito
2023-07-12 12:00 ` Borislav Petkov
2023-07-12 12:48 ` Daniel P. Berrangé
2023-07-12 13:28 ` Borislav Petkov
2023-07-12 14:06 ` Daniel P. Berrangé
2023-07-12 15:43 ` Greg KH
2023-07-12 16:23 ` Luca Boccassi
2023-07-12 16:57 ` Greg KH
2023-07-12 18:59 ` Luca Boccassi
2023-07-12 19:05 ` Greg KH
2023-07-12 19:35 ` Luca Boccassi
2023-07-12 19:42 ` Borislav Petkov
2023-07-12 19:56 ` Luca Boccassi
2023-07-12 20:01 ` Borislav Petkov
2023-07-12 20:16 ` Luca Boccassi
2023-07-12 20:07 ` Greg KH
2023-07-12 20:41 ` Luca Boccassi
2023-07-12 21:11 ` Greg KH
2023-07-12 21:12 ` Willy Tarreau
2023-07-12 22:32 ` Luca Boccassi
2023-07-12 21:20 ` Greg KH
2023-07-12 21:50 ` Luca Boccassi
2023-07-13 6:09 ` Greg KH
2023-07-14 0:29 ` Luca Boccassi
2023-07-15 6:51 ` Greg KH
2023-07-16 17:41 ` Luca Boccassi
2023-07-16 18:28 ` Greg KH [this message]
2023-07-17 9:22 ` Daniel P. Berrangé
2023-07-17 11:06 ` Peter Zijlstra
2023-07-17 11:47 ` Daniel P. Berrangé
2023-07-17 14:10 ` Greg KH
2023-07-17 11:12 ` Luca Boccassi
2023-07-17 14:11 ` Greg KH
2023-07-17 14:06 ` Greg KH
2023-07-12 15:45 ` Greg KH
2023-07-13 8:57 ` Vitaly Kuznetsov
2023-07-13 9:16 ` Peter Zijlstra
2023-07-13 14:58 ` Greg KH
2023-07-13 15:51 ` Vitaly Kuznetsov
2023-07-13 16:58 ` Greg KH
2023-07-13 20:49 ` Emanuele Giuseppe Esposito
2023-07-13 22:04 ` Greg KH
2023-07-14 6:57 ` Emanuele Giuseppe Esposito
2023-07-15 6:59 ` Greg KH
2023-07-13 13:33 ` Ard Biesheuvel
2023-07-13 13:52 ` Ard Biesheuvel
2023-07-13 20:39 ` Emanuele Giuseppe Esposito
2023-07-13 22:31 ` Luca Boccassi
2023-07-14 8:52 ` Ard Biesheuvel
2023-07-14 9:13 ` Matthew Garrett
2023-07-14 9:14 ` Ard Biesheuvel
2023-07-14 9:25 ` Luca Boccassi
2023-07-17 16:08 ` James Bottomley
2023-07-17 16:56 ` Daniel P. Berrangé
2023-07-17 17:15 ` James Bottomley
2023-07-17 18:16 ` Daniel P. Berrangé
2023-07-20 16:46 ` Eric Snowberg
2023-07-20 17:07 ` James Bottomley
2023-07-20 18:10 ` Eric Snowberg
2023-07-20 19:16 ` Luca Boccassi
2023-07-21 0:02 ` Eric Snowberg
2023-07-21 8:55 ` Luca Boccassi
2023-07-21 11:24 ` James Bottomley
2023-07-21 12:40 ` Luca Boccassi
2023-07-21 13:01 ` James Bottomley
2023-07-21 13:10 ` Luca Boccassi
2023-07-21 13:33 ` James Bottomley
2023-07-21 15:14 ` Luca Boccassi
2023-07-21 15:22 ` Luca Boccassi
2023-07-21 15:27 ` James Bottomley
2023-07-13 23:13 ` Luca Boccassi
2023-07-14 9:33 ` Ard Biesheuvel
2023-07-14 9:59 ` Daniel P. Berrangé
2023-07-14 10:40 ` Luca Boccassi
2023-07-18 13:34 ` Paolo Bonzini
2023-07-18 14:02 ` Luca Boccassi
2023-07-18 15:51 ` Paolo Bonzini
2023-07-18 16:35 ` Daniel P. Berrangé
2023-07-19 13:21 ` Paolo Bonzini
2023-07-19 13:34 ` Luca Boccassi
2023-07-19 15:11 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2023071643-broiler-level-afbf@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=berrange@redhat.com \
--cc=bluca@debian.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=eesposit@redhat.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=lennart@poettering.net \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=mingo@redhat.com \
--cc=ndesaulniers@google.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox