On Fri, Mar 21, 2025 at 12:37 PM Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote: > > On Mar 20, 2025, at 3:36 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Thu, Mar 20, 2025 at 12:29 PM Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote: > >>> On Mar 6, 2025, at 7:46 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > >>> On March 6, 2025 5:29:36 PM Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote: > > > > ... > > > >>>> Does this mean Microsoft will begin signing shims in the future without > >>>> the lockdown requirement? > >>> > >>> That's not a question I can answer, you'll need to discuss that with the UEFI SB people. > >> > >> Based on your previous lockdown comments, I thought you might have > >> some new information. Having lockdown enforcement has always been > >> a requirement to get a shim signed by Microsoft. > > ... > > >> The alternative "usage-oriented keyring" approach you've suggested > >> wouldn't align with the threat model that lockdown aims to achieve. > > > > That's a Lockdown problem, or more specifically a problem for the > > people who are freeloading on the Lockdown LSM and expecting it to be > > maintained without contributing anything meaningful. > > There are past examples of previous contributions, but they don't seem to > go anywhere: > > https://lkml.org/lkml/2023/5/26/1057 Those patches proposed loosening Lockdown restrictions, which is particularly concerning given the intent behind Lockdown, and considering the author did not have any existing patches under security/ (they still do not, I just checked) there was room for concern. If your first introduction to your neighbour includes proposing the removal of the locks on their front door, you have to understand that they might not consider this a valuable contribution and might bristle at the idea of handing over responsibility of their home's security to you. You are welcome to continue to criticize me and my handling of things, that's the popular thing to do these days when you disagree with a maintainer, but I will note that I don't recall you offering to step up and maintain Lockdown anywhere in this thread. > Which causes us to carry patches like this downstream. Which is your choice, and I'm sure you have plenty more patches unrelated to Lockdown in your downstream repo. > >> With Clavis, I attempted to develop > >> an approach that would meet the lockdown threat model requirements > >> while allowing the end user to control key usage as they deem fit. > > > > As mentioned previously, the design/implementation choices you made > > for Clavis means it is better suited for inclusion in the key > > subsystem and not as a standalone LSM. If you wanted to > > redesign/rework Clavis to stick to the traditional LSM security blobs > > perhaps that is something we could consider as a LSM, but it's > > probably worth seeing if David and Jarkko have any interest in > > including Clavis functionality in the key subsystem first. > > The direction of creating a new LSM was based on this discussion ... Oh so we are going to repeat ourselves, are we? > A lot of time could have been saved had your concerns been > voiced in either the first or second round ... I'm still waiting for someone to connect the dots between a lack of "timely" review (feel free to define that however you like) and these never ending threads where we keep rehashing arguments over and over and over ... -- paul-moore.com
