lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 14 Apr 2017 19:15:41 +0100
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     David Howells <dhowells@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Kyle McMartin <kyle@...hat.com>,
        "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "x86@...nel.org" <x86@...nel.org>,
        linux-security-module <linux-security-module@...r.kernel.org>,
        keyrings@...r.kernel.org,
        Matthew Garrett <matthew.garrett@...ula.com>,
        Matt Fleming <matt@...eblueprint.co.uk>
Subject: Re: [PATCH 06/24] Add a sysrq option to exit secure boot mode

On 14 April 2017 at 19:05, Thomas Gleixner <tglx@...utronix.de> wrote:
> On Wed, 5 Apr 2017, David Howells wrote:
>
>> From: Kyle McMartin <kyle@...hat.com>
>>
>> Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
>> kernel image to be modified.  This lifts the lockdown.
>>
>> Signed-off-by: Kyle McMartin <kyle@...hat.com>
>> Signed-off-by: David Howells <dhowells@...hat.com>
>> cc: x86@...nel.org
>
> Matt, Ard?
>
> Any opinions on this?
>

>From an EFI point of view, there is not a lot to see here. I think
having a SysRq to lift lockdown makes sense, although I think we
should avoid 'secure boot' when referring to lockdown because they are
really two different things. As someone else pointed out, you may have
other ways of trusting your kernel, in which case you should be able
to lock it down as well.

That does bring me to another EFI related point: many of these patches
are x86 specific for no good reason. We have been working really hard
over the past couple of years to move EFI plumbing into
drivers/firmware/efi, and things are not intimately related to an
architecture should ideally be implemented there. Looking at the
diffstat of this patch, I don't see why this should be a x86 only
feature.

In general, though, I think this should be two patches, one that
introduces the functionality to restrict some SysRq keys to console
only, and one that adds the 'x' for lockdown lift.

I haven't gotten around to responding to David's general email
regarding the point of all of this. I will do so asap, but it will
need to wait until Tuesday at least.

-- 
Ard.


On 14 April 2017 at 19:05, Thomas Gleixner <tglx@...utronix.de> wrote:
> On Wed, 5 Apr 2017, David Howells wrote:
>
>> From: Kyle McMartin <kyle@...hat.com>
>>
>> Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
>> kernel image to be modified.  This lifts the lockdown.
>>
>> Signed-off-by: Kyle McMartin <kyle@...hat.com>
>> Signed-off-by: David Howells <dhowells@...hat.com>
>> cc: x86@...nel.org
>
> Matt, Ard?
>
> Any opinions on this?
>
> Thanks,
>
>         tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ