On 6/28/22 07:21, Florian Weimer wrote:
> * Chris Murphy:
>
>> On Mon, Jun 27, 2022 at 1:56 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>>>
>>> * Neal Gompa:
>>>
>>>> I treat Secure Boot purely as a compatibility interface. We need to do
>>>> just enough to get through the secure boot environment.
>>>
>>> Right. It's not even clear to me why we enforce kernel module
>>> signatures in Secure Boot mode, and disable a few other kernel features.
>>
>> If users can load arbitrary unsigned kernel modules or hibernation
>> images, it silently circumvents UEFI Secure Boot. I agree this is a
>> frustrating paradigm for users who want certain features like using
>> 3rd party modules with a Fedora kernel, or using locked down kernel
>> features, but I'm not sure what the alternative is.
>
> Do we revoke signatures on Fedora kernels with ring 0 escalations?
> I don't think so. Other distributions share the same trust root and
> do not revoke kernel signatures, either. Doesn't this mean there is
> an existing bypass already, by booting through a vulnerable kernel,
> exploiting it, and then chain-loading another kernel with secure boot
> effectively disabled (but perhaps lying to userspace about the status)?

Yes, it does. That is another reason that secure boot is basically
security theater if one is using the default trust roots.

--
Sincerely,
Demi Marie Obenour (she/her/hers)