On Tue, Nov 14, 2017 at 9:34 AM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> It's this insane "firmware is special" that I disagree with. It's not
> special at all.

Our ability to determine that userland hasn't been tampered with depends on the kernel being trustworthy. If userland can upload arbitrary firmware to DMA-capable devices then we can no longer trust the kernel. So yes, firmware is special.

Here's an example: we have a signed initramfs that's loaded by a signed bootloader. That initramfs sets up a trustworthy audit chain and loads an LSM policy that prevents the rest of userland from interfering with it. From that point on, we don't care about the rest of userland being signed - we know it can't interfere with us, but we can reliably inspect what it's doing. Even an offline attack can't do any damage, since the audit code is still signed.

However, the LSM-imposed boundary depends on the kernel being trustworthy. If an attacker can replace the firmware that's uploaded to a device that can do arbitrary DMA then they can tamper with the supposedly trustworthy audit code and provide false information. Being able to tamper with the contents of /usr/bin/* doesn't give them that.