lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 26 Feb 2013 22:57:38 +0100
From:	Geert Uytterhoeven <geert@...ux-m68k.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Matthew Garrett <mjg59@...f.ucam.org>,
	Greg KH <gregkh@...uxfoundation.org>,
	David Howells <dhowells@...hat.com>,
	Florian Weimer <fw@...eb.enyo.de>,
	Josh Boyer <jwboyer@...hat.com>,
	Peter Jones <pjones@...hat.com>,
	Vivek Goyal <vgoyal@...hat.com>,
	Kees Cook <keescook@...omium.org>, keyrings@...ux-nfs.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] Load keys from signed PE binaries

On Tue, Feb 26, 2013 at 5:43 AM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Mon, Feb 25, 2013 at 8:23 PM, Matthew Garrett <mjg59@...f.ucam.org> wrote:
>> If the user has explicitly enrolled a hash then they're stepping outside
>> the trust model.
>
> This is the kind of totally bogus crap that no sane person should ever
> spout. Stop it.
>
> If the user has explicitly enrolled a hash, then that should be the
> *primary* trust model, dammit. That should be very much what you
> should care about first and foremost, and that should be your goal in
> life. That's when the user says "I'm in control of my own machine, and
> I want to trust *this*".
>
> It's not about "stepping outside of the trust model". Quite the
> reverse. It's about actually being *part* of the trust model, and
> taking control of your own machine. It's the *good* scenario. It's
> what you should encourage users to do.

Indeed.

But explicitly enrolling your own hash is not enough to take control.
You must also remove the other hashes that are already present, since
you don't control what's signed using the corresponding private keys.

BTW, I assume UEFI checks itself if enrolled hashes have been revoked,
so it must phone home to some server? That must be disabled as well.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ