From: Matthew Garrett <matthew.garrett@nebula.com> To: "gnomes@lxorguk.ukuu.org.uk" <gnomes@lxorguk.ukuu.org.uk> Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, "jmorris@namei.org" <jmorris@namei.org>, "keescook@chromium.org" <keescook@chromium.org>, "linux-security-module@vger.kernel.org" <linux-security-module@vger.kernel.org>, "akpm@linux-foundation.org" <akpm@linux-foundation.org>, "hpa@zytor.com" <hpa@zytor.com>, "jwboyer@fedoraproject.org" <jwboyer@fedoraproject.org>, "linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>, "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org> Subject: Re: Trusted kernel patchset for Secure Boot lockdown Date: Fri, 14 Mar 2014 21:56:33 +0000 [thread overview] Message-ID: <1394834193.1286.11.camel@x230> (raw) In-Reply-To: <20140314214806.54a3d031@alan.etchedpixels.co.uk> [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain; charset="utf-8", Size: 2016 bytes --] On Fri, 2014-03-14 at 21:48 +0000, One Thousand Gnomes wrote: > In your particularly implementation maybe you've got a weak setup where > you don't measure down to your initrd. That's a *flaw* in your > implementation. Don't inflict your limitations on others or on the > future. EFI is only one (and not a very strong one at that) implementation > of a 'secure' boot chain. A lot of other systems can not only propogate > measurement and security assertions into their initrd they can propogate > them into their rootfs (yes upgrades are .. exciting, but these kinds of > users will live with that pain). Signed userspace is not a requirement, and therefore any solution that relies on a signed initrd is inadequate. There are use cases that require verification of the initrd and other levels. This isn't one of them. > Even in EFI you can make your kernel or loader check the initrd signature > and the rootfs signature if you want. Except the initramfs gets built at kernel install time. > > The fact that you keep saying measured really does make me suspect that > > you misunderstand the problem. There's no measurement involved, there's > > simply an assertion that the firmware (which you're forced to trust) > > chose, via some policy you may be unaware of, to trust the booted > > kernel. > > You are currently using some of those interfaces for measuring to produce > a notionally 'trusted' initial loaded environment. > > Correct me if I am wrong but your starting point is "I have a chain of > measurement as far as the kernel I load". Without that I can just go into > grub and 0wn you. In my use case. But not all implementations will be measuring things - they can assert that the kernel is trustworthy through some other mechanism. This genuinely is about trust, not measurement. -- Matthew Garrett <matthew.garrett@nebula.com> ÿôèº{.nÇ+·®+%Ëÿ±éݶ\x17¥wÿº{.nÇ+·¥{±þG«éÿ{ayº\x1dÊÚë,j\a¢f£¢·hïêÿêçz_è®\x03(éÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?¨èÚ&£ø§~á¶iOæ¬z·vØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?I¥
WARNING: multiple messages have this Message-ID (diff)
From: Matthew Garrett <matthew.garrett@nebula.com> To: "gnomes@lxorguk.ukuu.org.uk" <gnomes@lxorguk.ukuu.org.uk> Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, "jmorris@namei.org" <jmorris@namei.org>, "keescook@chromium.org" <keescook@chromium.org>, "linux-security-module@vger.kernel.org" <linux-security-module@vger.kernel.org>, "akpm@linux-foundation.org" <akpm@linux-foundation.org>, "hpa@zytor.com" <hpa@zytor.com>, "jwboyer@fedoraproject.org" <jwboyer@fedoraproject.org>, "linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>, "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org> Subject: Re: Trusted kernel patchset for Secure Boot lockdown Date: Fri, 14 Mar 2014 21:56:33 +0000 [thread overview] Message-ID: <1394834193.1286.11.camel@x230> (raw) In-Reply-To: <20140314214806.54a3d031@alan.etchedpixels.co.uk> On Fri, 2014-03-14 at 21:48 +0000, One Thousand Gnomes wrote: > In your particularly implementation maybe you've got a weak setup where > you don't measure down to your initrd. That's a *flaw* in your > implementation. Don't inflict your limitations on others or on the > future. EFI is only one (and not a very strong one at that) implementation > of a 'secure' boot chain. A lot of other systems can not only propogate > measurement and security assertions into their initrd they can propogate > them into their rootfs (yes upgrades are .. exciting, but these kinds of > users will live with that pain). Signed userspace is not a requirement, and therefore any solution that relies on a signed initrd is inadequate. There are use cases that require verification of the initrd and other levels. This isn't one of them. > Even in EFI you can make your kernel or loader check the initrd signature > and the rootfs signature if you want. Except the initramfs gets built at kernel install time. > > The fact that you keep saying measured really does make me suspect that > > you misunderstand the problem. There's no measurement involved, there's > > simply an assertion that the firmware (which you're forced to trust) > > chose, via some policy you may be unaware of, to trust the booted > > kernel. > > You are currently using some of those interfaces for measuring to produce > a notionally 'trusted' initial loaded environment. > > Correct me if I am wrong but your starting point is "I have a chain of > measurement as far as the kernel I load". Without that I can just go into > grub and 0wn you. In my use case. But not all implementations will be measuring things - they can assert that the kernel is trustworthy through some other mechanism. This genuinely is about trust, not measurement. -- Matthew Garrett <matthew.garrett@nebula.com>
next prev parent reply other threads:[~2014-03-14 21:56 UTC|newest] Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top 2014-02-26 20:11 Trusted kernel patchset for Secure Boot lockdown Matthew Garrett 2014-02-26 20:11 ` [PATCH 01/12] Add support for indicating that the booted kernel is externally trusted Matthew Garrett 2014-02-27 19:02 ` Kees Cook 2014-02-27 19:02 ` Kees Cook 2014-03-31 14:49 ` Pavel Machek 2014-02-26 20:11 ` [PATCH 02/12] Enforce module signatures when trusted kernel is enabled Matthew Garrett 2014-02-26 20:11 ` Matthew Garrett 2014-02-26 20:11 ` [PATCH 03/12] PCI: Lock down BAR access when trusted_kernel is true Matthew Garrett 2014-02-26 20:11 ` [PATCH 04/12] x86: Lock down IO port " Matthew Garrett 2014-02-26 20:11 ` [PATCH 05/12] Restrict /dev/mem and /dev/kmem " Matthew Garrett 2014-02-26 20:11 ` [PATCH 06/12] acpi: Limit access to custom_method if " Matthew Garrett 2014-02-26 20:11 ` [PATCH 07/12] acpi: Ignore acpi_rsdp kernel parameter when " Matthew Garrett 2014-02-26 20:11 ` [PATCH 08/12] kexec: Disable at runtime if " Matthew Garrett 2014-02-26 20:11 ` [PATCH 09/12] uswsusp: Disable when " Matthew Garrett 2014-02-26 20:11 ` Matthew Garrett 2014-03-31 14:49 ` Pavel Machek 2014-02-26 20:11 ` [PATCH 10/12] x86: Restrict MSR access " Matthew Garrett 2014-02-26 20:11 ` [PATCH 11/12] asus-wmi: Restrict debugfs interface " Matthew Garrett 2014-02-26 20:11 ` [PATCH 12/12] Add option to automatically set trusted_kernel when in Secure Boot mode Matthew Garrett 2014-02-26 20:11 ` Matthew Garrett 2014-02-26 22:41 ` One Thousand Gnomes 2014-02-26 22:41 ` One Thousand Gnomes 2014-02-26 22:47 ` H. Peter Anvin 2014-02-26 22:48 ` Matthew Garrett 2014-02-26 22:48 ` Matthew Garrett 2014-02-27 18:48 ` Kees Cook 2014-02-27 18:48 ` Kees Cook 2014-02-26 21:11 ` Trusted kernel patchset for Secure Boot lockdown Kees Cook 2014-02-26 22:21 ` One Thousand Gnomes 2014-02-26 22:21 ` One Thousand Gnomes 2014-02-27 9:54 ` Alon Ziv 2014-03-19 17:42 ` Florian Weimer 2014-03-19 17:42 ` Florian Weimer 2014-02-27 18:04 ` Josh Boyer 2014-02-27 18:04 ` Josh Boyer 2014-02-27 19:07 ` Greg KH 2014-02-27 19:11 ` Josh Boyer 2014-02-27 19:11 ` Josh Boyer 2014-02-28 12:50 ` Josh Boyer 2014-02-28 3:03 ` James Morris 2014-02-28 4:52 ` Matthew Garrett 2014-02-28 4:52 ` Matthew Garrett 2014-03-13 5:01 ` Matthew Garrett 2014-03-13 5:01 ` Matthew Garrett 2014-03-13 6:22 ` Kees Cook 2014-03-13 6:22 ` Kees Cook 2014-03-13 9:33 ` James Morris 2014-03-13 9:33 ` James Morris 2014-03-13 10:12 ` One Thousand Gnomes 2014-03-13 10:12 ` One Thousand Gnomes 2014-03-13 15:54 ` H. Peter Anvin 2014-03-13 15:54 ` H. Peter Anvin 2014-03-13 15:59 ` Matthew Garrett 2014-03-13 15:59 ` Matthew Garrett 2014-03-13 21:24 ` One Thousand Gnomes 2014-03-13 21:24 ` One Thousand Gnomes 2014-03-13 21:28 ` H. Peter Anvin 2014-03-13 21:28 ` H. Peter Anvin 2014-03-13 21:32 ` Matthew Garrett 2014-03-13 21:32 ` Matthew Garrett 2014-03-13 21:30 ` Matthew Garrett 2014-03-13 21:30 ` Matthew Garrett 2014-03-13 23:21 ` One Thousand Gnomes 2014-03-13 23:21 ` One Thousand Gnomes 2014-03-14 1:57 ` Matthew Garrett 2014-03-14 1:57 ` Matthew Garrett 2014-03-14 12:22 ` One Thousand Gnomes 2014-03-14 12:22 ` One Thousand Gnomes 2014-03-14 12:51 ` Matthew Garrett 2014-03-14 12:51 ` Matthew Garrett 2014-03-14 15:23 ` Kees Cook 2014-03-14 15:23 ` Kees Cook 2014-03-14 15:46 ` Matthew Garrett 2014-03-14 15:46 ` Matthew Garrett 2014-03-14 15:54 ` Kees Cook 2014-03-14 15:54 ` Kees Cook 2014-03-14 15:58 ` Matthew Garrett 2014-03-14 15:58 ` Matthew Garrett 2014-03-14 16:28 ` One Thousand Gnomes 2014-03-14 16:28 ` One Thousand Gnomes 2014-03-14 17:06 ` One Thousand Gnomes 2014-03-14 17:06 ` One Thousand Gnomes 2014-03-14 18:11 ` Matthew Garrett 2014-03-14 18:11 ` Matthew Garrett 2014-03-14 19:24 ` Matthew Garrett 2014-03-14 19:24 ` Matthew Garrett 2014-03-14 20:37 ` David Lang 2014-03-14 20:37 ` David Lang 2014-03-14 20:43 ` Matthew Garrett 2014-03-14 20:43 ` Matthew Garrett 2014-03-14 21:58 ` One Thousand Gnomes 2014-03-14 21:58 ` One Thousand Gnomes 2014-03-14 22:04 ` Matthew Garrett 2014-03-14 22:04 ` Matthew Garrett 2014-03-14 21:48 ` One Thousand Gnomes 2014-03-14 21:48 ` One Thousand Gnomes 2014-03-14 21:56 ` Matthew Garrett [this message] 2014-03-14 21:56 ` Matthew Garrett 2014-03-14 22:08 ` One Thousand Gnomes 2014-03-14 22:08 ` One Thousand Gnomes 2014-03-14 22:15 ` Matthew Garrett 2014-03-14 22:15 ` Matthew Garrett 2014-03-14 22:31 ` One Thousand Gnomes 2014-03-14 22:31 ` One Thousand Gnomes 2014-03-14 22:52 ` Matthew Garrett 2014-03-14 22:52 ` Matthew Garrett 2014-03-19 19:50 ` Kees Cook 2014-03-19 19:50 ` Kees Cook 2014-03-14 23:18 ` Theodore Ts'o 2014-03-14 23:18 ` Theodore Ts'o 2014-03-15 0:15 ` One Thousand Gnomes 2014-03-15 0:15 ` One Thousand Gnomes 2014-03-19 17:49 ` Florian Weimer 2014-03-19 17:49 ` Florian Weimer 2014-03-19 20:16 ` Kees Cook 2014-03-19 20:16 ` Kees Cook 2014-03-20 14:47 ` One Thousand Gnomes 2014-03-20 14:47 ` One Thousand Gnomes 2014-03-20 14:55 ` tytso 2014-03-20 14:55 ` tytso 2014-03-20 17:12 ` Matthew Garrett 2014-03-20 17:12 ` Matthew Garrett 2014-03-20 18:13 ` One Thousand Gnomes 2014-03-20 18:13 ` One Thousand Gnomes 2014-03-13 21:26 ` One Thousand Gnomes 2014-03-13 21:26 ` One Thousand Gnomes 2014-03-13 21:31 ` Matthew Garrett 2014-03-13 21:31 ` Matthew Garrett
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1394834193.1286.11.camel@x230 \ --to=matthew.garrett@nebula.com \ --cc=akpm@linux-foundation.org \ --cc=gnomes@lxorguk.ukuu.org.uk \ --cc=gregkh@linuxfoundation.org \ --cc=hpa@zytor.com \ --cc=jmorris@namei.org \ --cc=jwboyer@fedoraproject.org \ --cc=keescook@chromium.org \ --cc=linux-efi@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.