On Tuesday, June 2, 2020 10:52:07 PM MST Chris Murphy wrote:
> On Tue, Jun 2, 2020 at 8:42 PM John M. Harris Jr <johnmh@xxxxxxxxxxxxx>
> wrote:
> >
> > In what way is it incompatible with UEFI Secure Boot?
>
> Secure Boot does boot verification. Hibernation right now doesn't. And
> that makes it a Secure Boot loophole. And that makes it incompatible
> with Secure Boot.
>
> It's not a new idea, it's been this way for a while. And so have the
> complaints. https://lwn.net/Articles/523367/
>
> > If the kernel and
> > initramfs are signed, and the resume image is for that kernel, how is this
> > an issue?
>
> The initramfs is not signed.
>
> > What if swap is on LUKS?
>
> No signature. No integrity. It is a net reduction in the protection
> provided by Secure Boot - e.g. it can't detect intentional corruption
> that could crash the system or even cause more corruption and eventual
> data loss as the system runs.
>
> > If kernel lockdown is what disables this, we should look at fixing kernel
> > lockdown so that it doesn't break hibernation. This is definitely a
> > security decision that we shouldn't be imposing on the masses
> > needlessly, in my opinion.
>
> Instead you propose imposing a loophole for attackers to easily deploy
> malware needlessly. Do you really not see how this is an untenable
> position for Fedora?

In my opinion, the threat model you're proposing here is absurd. If people can
create a valid kernel image that will be loaded from a LUKS container, we have
bigger problems.

--
John M. Harris, Jr.