On Tue, Apr 3, 2018 at 4:39 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> The same thing is true of some lockdown patch. Maybe it's a good thing
>> in general. But whether it's a good thing is _entirely_ independent of
>> any secure boot issue. I can see using secure boot without it, but I
>> can very much also see using lockdown without secure boot.
>>
>> The two things are simply entirely orthogonal. They have _zero_
>> overlap. I'm not seeing why they'd be linked at all in any way.
>
> I'm not sure I agree. Here's my reasoning:
>
> (1) Lockdown mode really needs to be activated during kernel boot, before
> userspace has a chance to run, otherwise there's a window of opportunity
> in which the kernel *isn't* locked down.

That's simply not true. A sensible verified boot chain (a la Chrome OS)
is likely to load, as one verified chunk, a kernel and initramfs. Then
initramfs can flip on lockdown all by itself before it enables
networking or any other attack vectors.