Re: [GIT PULL] Kernel lockdown for secure boot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Andy Lutomirski <luto@xxxxxxxxxx>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
From: David Howells <dhowells@xxxxxxxxxx>
Date: Tue, 03 Apr 2018 18:16:03 +0100
Cc: dhowells@xxxxxxxxxx, Matthew Garrett <mjg59@xxxxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, Justin Forbes <jforbes@xxxxxxxxxx>, linux-man <linux-man@xxxxxxxxxxxxxxx>, joeyli <jlee@xxxxxxxx>, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, linux-efi <linux-efi@xxxxxxxxxxxxxxx>
In-reply-to: <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com>
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903

Andy Lutomirski <luto@xxxxxxxxxx> wrote:

> > A kernel that allows users arbitrary access to ring 0 is just an
> > overfeatured bootloader. Why would you want secure boot in that case?
> 
> To get a chain of trust.

You don't have a chain of trust that you can trust in that case.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski

References:
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: James Morris
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett

Prev by Date: Re: [PATCH v2] x86/xen/efi: Initialize UEFI secure boot state during dom0 boot
Next by Date: Re: [PATCH 2/2] efi: Add embedded peripheral firmware support
Previous by thread: Re: [GIT PULL] Kernel lockdown for secure boot
Next by thread: Re: [GIT PULL] Kernel lockdown for secure boot
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]