On Thu, 2020-07-09 at 07:38 -0700, John M. Harris Jr wrote:
> On Thursday, July 9, 2020 12:26:27 AM MST Daniel P. Berrangé wrote:
> > On Wed, Jul 08, 2020 at 02:17:53PM -0700, John M. Harris Jr wrote:
> > > On Wednesday, July 8, 2020 10:04:01 AM MST Richard Hughes wrote:
> > > > On Wed, 8 Jul 2020 at 16:48, John M. Harris Jr <johnmh@xxxxxxxxxxxxx> wrote:
> > > > > needlessly disables a lot of kernel functionality
> > > >
> > > > It disables functionality which can destroy platform security.
> > >
> > > It disables functionality that users need, such as inserting their kernel
> > > modules on their own system, or hibernating to disk. Let's be honest about
> > > what this does. This is not something that's beneficial here, it's only
> > > harming our users.
> >
> > Some users, not all users. Beware of making sweeping generalizations.
> >
> > I've used Fedora since Fedora Core 5 across countless machines and never
> > cared about inserting custom kernel modules. Hibernating to disk is not
> > something I've used on my laptops in probably 10 years either, as suspend
> > to ram is generally sufficient. Again just my personal experience.
> >
> > There's always a tradeoff and it is likely to be different depending on
> > each user's needs. While SecureBoot will disable some functionality it is
> > not unreasonable to think it is a net win out of the box for a potentially
> > quite large portion of Fedora's userbase.
> >
> > Regards,
> > Daniel
>
> Please keep in mind that it disables that functionality only because of
> 'lockdown' patches applied to the Fedora kernel, it's not a normal part of the
> Linux kernel when running under Secure Boot. I have no idea why the decision
> to hurt users was explicitly made here, it doesn't make a lot of sense.

IIRC, if you sign a kernel that can load unsigned modules, you can boot
that kernel, then load a custom module that boots a different kernel or
OS (such as Windows) and claim that secure boot was on, even though you
have modified and/or injected malicious code into the kernel.

In other words, you can circumvent the whole point of using secure
boot. If you want that, you might as well just disable secure boot.
Otherwise it is a bit like locking your front door while leaving your
back door wide open.

You can argue all day long that secure boot doesn't bring you that much
security anyway (I'm in that camp, I don't think it's worth the trouble
for my home systems, so I disable them even on those that use UEFI),
but then, again, as long as it's not mandatory, so the user can choose
to turn it off, it should be ok. Some people might decide to make an
informed decision to enable it, and that's their decision to make.

It's a tradeoff - extra lockdown for some extra security. Maybe only
worth it for very important systems.

Nikolay
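
The mismatch discussed in this thread (Secure Boot on, but a kernel that is not locked down) can be checked on a running system. The script below is an added example, not part of the original messages or of any Fedora tooling; it assumes efivarfs is mounted and that the kernel exposes the lockdown LSM at /sys/kernel/security/lockdown, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether Secure Boot and kernel lockdown agree.
# Both paths can be overridden so the logic can be run on constructed files.
SB_VAR="${SB_VAR:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}"
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# An efivarfs file is 4 attribute bytes followed by the variable data.
# The SecureBoot variable's data is a single byte: 1 = enabled, 0 = disabled.
secure_boot_state() {
    [ -r "$1" ] || { echo unknown; return; }
    case "$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# The lockdown file lists every mode and brackets the active one,
# e.g. "none [integrity] confidentiality".
lockdown_mode() {
    [ -r "$1" ] || { echo unavailable; return; }
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1"
}

# "gap" is the front-door-locked, back-door-open case from the thread:
# firmware verified the boot chain, but the kernel does not restrict
# unsigned module loading, hibernation image resume, and similar paths.
posture() {
    sb=$(secure_boot_state "$1")
    ld=$(lockdown_mode "$2")
    case "$sb:$ld" in
        enabled:integrity|enabled:confidentiality)
            echo "consistent: secure boot on, lockdown=$ld" ;;
        enabled:*)
            echo "gap: secure boot on, lockdown=$ld" ;;
        *)
            echo "secure boot $sb, lockdown=$ld" ;;
    esac
}

posture "$SB_VAR" "$LOCKDOWN_FILE"
```
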