lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130226165003.GA28593@kroah.com>
Date:	Tue, 26 Feb 2013 08:50:03 -0800
From:	Greg KH <gregkh@...uxfoundation.org>
To:	David Howells <dhowells@...hat.com>
Cc:	Florian Weimer <fw@...eb.enyo.de>,
	Matthew Garrett <mjg59@...f.ucam.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Josh Boyer <jwboyer@...hat.com>,
	Peter Jones <pjones@...hat.com>,
	Vivek Goyal <vgoyal@...hat.com>,
	Kees Cook <keescook@...omium.org>, keyrings@...ux-nfs.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] Load keys from signed PE binaries

On Tue, Feb 26, 2013 at 03:11:41PM +0000, David Howells wrote:
> Greg KH <gregkh@...uxfoundation.org> wrote:
> 
> > >  (6) To maintain secure boot mode, the kernel must be signed and the boot
> > >      loader must check the signature on it.  The key must be either compiled
> > >      into the bootloader (and thus validated by the bootloader signature) or
> > >      must reside in the UEFI database.
> > > 
> > >      [*] Note: This step is simplified a bit.
> > 
> > That's all fine, and now your machine can boot both Linux and Windows
> > wonderfully.  Distros have shipped code doing this for a short while now
> > thanks to Matthew's and other developer's effort in writing a UEFI
> > bootloader / shim that Microsoft has signed.
> > 
> > >  (7) To maintain secure boot mode, the kernel modules must be signed and the
> > >      kernel must check the signature on them.  The key must be compiled into
> > >      the kernel or the bootloader or must reside in the UEFI database.
> > 
> > Wait right here.  This is NOT mandated by UEFI, nor by anyone else.  It
> > might be a nice thing that some people and companies want to implement,
> > but please don't think that some external entity is requiring that Linux
> > implement this, that is not true.
> 
> What's the point in having the bootloader check the signature on a kernel
> (which you say is fine) if you then permit it to be modified arbitrarily once
> it is running?  If you don't have signed modules then there's no point having
> signed kernels (assuming you don't disable module loading).

I'm not saying that it isn't something nice to have, I really like
signed kernel modules.  I'm saying that the key-signing of our Linux
shim bootloader is not dependant on having signed kernel modules, that's
all.  This has been proven by the fact that we have gotten bootloaders
signed without having this functionality in the kernel at the time.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ