Re: [GIT PULL] Kernel lockdown for secure boot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [GIT PULL] Kernel lockdown for secure boot
From: Matthew Garrett <mjg59@xxxxxxxxxx>
Date: Wed, 04 Apr 2018 00:19:35 +0000
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, David Howells <dhowells@xxxxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, jmorris@xxxxxxxxx, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, jforbes@xxxxxxxxxx, linux-man@xxxxxxxxxxxxxxx, jlee@xxxxxxxx, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, linux-api@xxxxxxxxxxxxxxx, Kees Cook <keescook@xxxxxxxxxxxx>, linux-efi <linux-efi@xxxxxxxxxxxxxxx>
In-reply-to: <CALCETrVF2vSvoz0sBCrfMKcbJ4hmi=1QJZbUxdvurkimVXr0nA@mail.gmail.com>
References: <4136.1522452584@warthog.procyon.org.uk> <alpine.LRH.2.21.1803311145180.7769@namei.org> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <CALCETrUFOdrH5ShCCd8yguGjC2NtG8fJY7AW26HH467-02UVGA@mail.gmail.com> <CACdnJut31+ZtiR40nkOjm89cfUxS0EM=w-oG69PtWHbXYJQxPg@mail.gmail.com> <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com> <9758.1522775763@warthog.procyon.org.uk> <CALCETrWHS9p1My=j07=V=OP7v4SwQkW-kJ3JOx6EbPU8fb_XEQ@mail.gmail.com> <13189.1522784944@warthog.procyon.org.uk> <CALCETrX4CuHVpn38R24TCcJgCBLSbh-sOD-qcD5kYF8Zo53ZJw@mail.gmail.com> <9349.1522794769@warthog.procyon.org.uk> <CALCETrV6E+r942K+fu-ALNf-x6qOZ3o1hNKGeu7qEMvr8sMP9A@mail.gmail.com> <CA+55aFxKzxdRZthzaokaGPAsWCp3a-p3aVfJSutF+9Fp9sbaVA@mail.gmail.com> <CACdnJusSfwULV-ubvgtYd8G_cTF4LnJ4DAeTCux4XRhHKVpBUw@mail.gmail.com> <CA+55aFzG==xr2OLK8F03RH0nkUDeP6btWqepFTuHZqkPTAOWjQ@mail.gmail.com> <CACdnJuv_=ihPut=5OvCYEphdBOn7+JrKacBbNa0n3wv_JvFMzg@mail.gmail.com> <CA+55aFyWNok1K-Jo3TQAXGXHvFOTvuOb-Hw977B9RGjBa7prrg@mail.gmail.com> <CACdnJutZFKX+izBxRYbyxefT5KrKhVV0XsymU=vBhywd+TOE3A@mail.gmail.com> <CA+55aFwVUmjZ+Swe9xUdDOEE+EOoaU3dh7BcrH74BOLCi8y_Kw@mail.gmail.com> <CACdnJuvqQQ+hidokY5GA7g-yrAs5-358it0cs+m_d4RFDMuB_w@mail.gmail.com> <CA+55aFwJBGCr-anrdV9N63fUH4V_QJqgr0_fJyHhH=fuqGAoog@mail.gmail.com> <CACdnJuvFqXGLsAv1Km3MmdssHBfuH5-C_vG3A4eq4Yuj0HhFBA@mail.gmail.com> <CA+55aFzYbpRAdma0PvqE+9ygySuKzNKByqOzzMufBoovXVnfPw@mail.gmail.com> <CACdnJuv-VpdhjEe1cMysdHb6Oy67jQqg-_TVHbUrOfH9GmCVvg@mail.gmail.com> <CALCETrVF2vSvoz0sBCrfMKcbJ4hmi=1QJZbUxdvurkimVXr0nA@mail.gmail.com>

On Tue, Apr 3, 2018 at 5:18 PM Andy Lutomirski <luto@xxxxxxxxxx> wrote:

> if your secure boot-enabled bootloader can't prevent a bad guy from
> using malicious kernel command line parameters, then fix it.

How is a bootloader supposed to know what the set of malicious kernel
command line parameters is?
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Greg Kroah-Hartman

References:
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski

Prev by Date: Re: [GIT PULL] Kernel lockdown for secure boot
Next by Date: Re: [GIT PULL] Kernel lockdown for secure boot
Previous by thread: Re: [GIT PULL] Kernel lockdown for secure boot
Next by thread: Re: [GIT PULL] Kernel lockdown for secure boot
Index(es):
- Date
- Thread

[Index of Archives] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]