On Fri, Mar 21, 2025 at 1:22 PM Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote: > On Thu, Mar 20, 2025 at 05:36:41PM -0400, Paul Moore wrote: ... > > I want to address two things, the first, and most important, is that > > while I am currently employed by Microsoft, I do not speak for > > Microsoft and the decisions and actions I take as an upstream Linux > > kernel maintainer are not vetted by Microsoft in any way. I think you > > will find that many upstream kernel maintainers operate in a similar > > way for a variety of very good reasons. > > This is understood. If one takes a kernel maintainer role, one should > unconditionally disobey any vetting by the employer (even at the cost of > the job, or alternatively at the cost of giving up the maintainership). > > And with you in particular I don't think anyone has any trust issues, > no matter which group of villains you might be employed by ;-) Haha :D > > The second issue is that my main focus is on ensuring we have a > > secure, safe, and well maintained LSM subsystem within the upstream > > Linux kernel. While I do care about downstream efforts, e.g. UEFI > > Secure Boot, those efforts are largely outside the scope of the > > upstream Linux kernel and not my first concern. If the developer > > groups who are focused on things like UEFI SB want to rely on > > functionality within the upstream Linux kernel they should be prepared > > to stand up and contribute/maintain those features or else they may go > > away at some point in the future. In very blunt terms, contribute > > upstream or Lockdown dies. > > Could Lockdown functionality be re-implemented with that eBPF LSM? I > have not really looked into it so far... I haven't looked at it too closely, but the kernel code is very simplistic so I would be surprised if it couldn't be implemented in eBPF, although there might be some issues about *very* early boot (Lockdown can run as an "early" LSM) and integrity which would need to be addressed (there is work ongoing in that are, see the recent Hornet posting as one example of that work). Beyond that there are policy/political issues around that would need to be worked out; nothing that couldn't be done, but it would be something that we would need to sort out. However, as I mentioned earlier, with Lockdown already present in the kernel, deprecation and removal is really only an option of last resort, and I'm hopeful we won't come to that. We've seen some proper Lockdown patches submitted overnight (!!!) and I'm discussing maintainer roles with a couple of people off-list; with a bit of luck I'm thinking Lockdown might be properly maintained after this upcoming merge window. Fingers crossed :) -- paul-moore.com
