Re: [GIT PULL] Kernel lockdown for secure boot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [GIT PULL] Kernel lockdown for secure boot
From: David Howells <dhowells@xxxxxxxxxx>
Date: Tue, 03 Apr 2018 18:16:03 +0100
Cc: dhowells@xxxxxxxxxx, Matthew Garrett <mjg59@xxxxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, Justin Forbes <jforbes@xxxxxxxxxx>, linux-man <linux-man@xxxxxxxxxxxxxxx>, joeyli <jlee@xxxxxxxx>, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, linux-efi <linux-efi@xxxxxxxxxxxxxxx>
In-reply-to: <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com>
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903
References: <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com> <4136.1522452584@warthog.procyon.org.uk> <alpine.LRH.2.21.1803311145180.7769@namei.org> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <CALCETrUFOdrH5ShCCd8yguGjC2NtG8fJY7AW26HH467-02UVGA@mail.gmail.com> <CACdnJut31+ZtiR40nkOjm89cfUxS0EM=w-oG69PtWHbXYJQxPg@mail.gmail.com>

Andy Lutomirski <luto@xxxxxxxxxx> wrote:

> > A kernel that allows users arbitrary access to ring 0 is just an
> > overfeatured bootloader. Why would you want secure boot in that case?
> 
> To get a chain of trust.

You don't have a chain of trust that you can trust in that case.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski

References:
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett

Prev by Date: Re: [GIT PULL] Kernel lockdown for secure boot
Next by Date: Re: [GIT PULL] Kernel lockdown for secure boot
Previous by thread: Re: [GIT PULL] Kernel lockdown for secure boot
Next by thread: Re: [GIT PULL] Kernel lockdown for secure boot
Index(es):
- Date
- Thread

[Index of Archives] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]