| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Mar 2014 19:18:32 -0400 From: Theodore Ts'o <tytso@....edu> To: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> Cc: Matthew Garrett <matthew.garrett@...ula.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "jmorris@...ei.org" <jmorris@...ei.org>, "keescook@...omium.org" <keescook@...omium.org>, "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>, "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "hpa@...or.com" <hpa@...or.com>, "jwboyer@...oraproject.org" <jwboyer@...oraproject.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org> Subject: Re: Trusted kernel patchset for Secure Boot lockdown On Fri, Mar 14, 2014 at 10:08:40PM +0000, One Thousand Gnomes wrote: > > Signed userspace is not a requirement, and therefore any solution that > > relies on a signed initrd is inadequate. There are use cases that > > require verification of the initrd and other levels. This isn't one of > > them. > > The job of the kernel is to solve the general problem. There are lots of > people who happen to care about verification beyond the kernel so it > shouldn't be ignored. And they can do do things like load trusted SELinux > rulesets even if you can't support it in your environment. This is really a question about goals and trust models. Alan is arguing that we should support trust models and goals which go far beyond the goals and trust model of the UEFI Forum. Matthew is, I think, trying to make the argument that his patches fulfill the goals that are needed so we can boot Linux distribution kernels on UEFI secure boot machines without worrying about Microsoft deciding to revoke keys so that Red Hat or SuSE will no longer be able to be bootable on desktops that are certified for Windows 8. And while we might want to improve the framework to support other trust models later on, supporting distro kernels on Windows 8 certified PC's is important enough that we should let these patches into mainline. Is that a fair summary of the two viewpoints? Personally, I think that we are fortunate that Windows 8 has been enough of a train wreck that huge numbers of users have been taking Windows 8 systems and upgrading them to Windows 7, and hence the need for Distro kernels that can boot on fully locked down Windows 8 PC's. But at some point, whether it is a few years or a decade later (if Windows 7 lives on as long as XP :-), Windows 7 will be EOL'ed, and even before that, UEFI secure boot will be enabled by default. Right now, even though Lenovo laptops are shipping with Windows 8. UEFI secure boot is not made mandatory (although it is on enough to brick the laptop when it runs into bugs wwith the UEFI BIOS code, sigh). But sooner or later, UEFI secure boot will be on by default, and then if Linux distros don't have kernels where the installer can be run without needing to twiddle BIOS settings, it might make it harder for the "Year of the Desktop" to come about. So as far as the narrow question of whether we should accept these patches, I think it's a good thing. Personally, I'm always going to be disabling UEFI secure boot (even if it doesn't brick my laptop), because for me, the security guarantees it provides isn't worth it. But there will be people who want to be able to install Linux on Windows 8 certified PC's without tweaking BIOS settings, so merging the UEFI secure boot is a good thing, so long as those of use who don't want to have anything to do with UEFI secure boot can disable it. Regards, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists