Re: [GIT PULL] Kernel lockdown for secure boot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
From: David Howells <dhowells@xxxxxxxxxx>
Date: Wed, 04 Apr 2018 01:22:27 +0100
Cc: dhowells@xxxxxxxxxx, Matthew Garrett <mjg59@xxxxxxxxxx>, Andrew Lutomirski <luto@xxxxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, Justin Forbes <jforbes@xxxxxxxxxx>, linux-man <linux-man@xxxxxxxxxxxxxxx>, joeyli <jlee@xxxxxxxx>, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, linux-efi <linux-efi@xxxxxxxxxxxxxxx>
In-reply-to: <CA+55aFzH6doC2F1xBitPRwTZtbiCO_mX+QVcJ8HQCdsdD3Vmpg@mail.gmail.com>
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903
References: <CA+55aFzH6doC2F1xBitPRwTZtbiCO_mX+QVcJ8HQCdsdD3Vmpg@mail.gmail.com> <4136.1522452584@warthog.procyon.org.uk> <alpine.LRH.2.21.1803311145180.7769@namei.org> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <CALCETrUFOdrH5ShCCd8yguGjC2NtG8fJY7AW26HH467-02UVGA@mail.gmail.com> <CACdnJut31+ZtiR40nkOjm89cfUxS0EM=w-oG69PtWHbXYJQxPg@mail.gmail.com> <CALCETrXeVod=kNpG-M7yKAMM0-n+PMg_OakN6ecWrTPmKXgMLg@mail.gmail.com> <9758.1522775763@warthog.procyon.org.uk> <CALCETrWHS9p1My=j07=V=OP7v4SwQkW-kJ3JOx6EbPU8fb_XEQ@mail.gmail.com> <13189.1522784944@warthog.procyon.org.uk> <CALCETrX4CuHVpn38R24TCcJgCBLSbh-sOD-qcD5kYF8Zo53ZJw@mail.gmail.com> <9349.1522794769@warthog.procyon.org.uk> <CALCETrV6E+r942K+fu-ALNf-x6qOZ3o1hNKGeu7qEMvr8sMP9A@mail.gmail.com> <CA+55aFxKzxdRZthzaokaGPAsWCp3a-p3aVfJSutF+9Fp9sbaVA@mail.gmail.com> <CACdnJusSfwULV-ubvgtYd8G_cTF4LnJ4DAeTCux4XRhHKVpBUw@mail.gmail.com> <CA+55aFzG==xr2OLK8F03RH0nkUDeP6btWqepFTuHZqkPTAOWjQ@mail.gma il.com> <CACdnJuv_=ihPut=5OvCYEphdBOn7+JrKacBbNa0n3wv_JvFMzg@mail.gmail.com> <CA+55aFyWNok1K-Jo3TQAXGXHvFOTvuOb-Hw977B9RGjBa7prrg@mail.gmail.com> <CA+55aFx9u-O81MwSq8zpb+MKaWYjYvtEcFu1NLP1_s63ED6_3Q@mail.gmail.com> <CACdnJutkO9dgz=HZpPRR9PZC=+cHh97dRUiGB+D3gruZr6U9Kg@mail.gmail.com> <CA+55aFxZN_p_cU94z7QN8=HnPanRrpRHH7UUkOBaFDSjfrivnQ@mail.gmail.com> <CACdnJutOAPTmPm6dmHiw4+8rj=M7B1SiCkPaRZLmi9-CCuRyNg@mail.gmail.com>

Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> ...  use the kernel command line to disable things.

An attacker could then modify grub.cfg, say, and cause a reboot (or wait for
the next reboot) to disable lockdown:-/

And whilst we could also distribute a non-locked-down variant of the kernel as
an alternative, the attacker could install and boot that instead since we
can't lock package installation down very easily since it doesn't impinge
directly on the running kernel.

Unfortunately, it's hard to come up with a disablement mechanism in the kernel
that an attacker can't also make use of:-/

David
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

References:
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: James Morris
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: David Howells
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Andy Lutomirski
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Linus Torvalds
- Re: [GIT PULL] Kernel lockdown for secure boot
  - From: Matthew Garrett

Prev by Date: Re: [GIT PULL] Kernel lockdown for secure boot
Next by Date: Re: [GIT PULL] Kernel lockdown for secure boot
Previous by thread: Re: [GIT PULL] Kernel lockdown for secure boot
Next by thread: Re: [GIT PULL] Kernel lockdown for secure boot
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Documentation] [Netdev] [Linux Ethernet Bridging] [Linux Wireless] [Kernel Newbies] [Security] [Linux for Hams] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux RAID] [Linux Admin] [Samba]