From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Josh Boyer <jwboyer@redhat.com>,
David Howells <dhowells@redhat.com>,
Dmitry Kasatkin <d.kasatkin@samsung.com>,
keyrings <keyrings@linux-nfs.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only
Date: Wed, 11 Jun 2014 03:22:22 +0100 [thread overview]
Message-ID: <20140611022222.GA2349@srcf.ucam.org> (raw)
In-Reply-To: <1402449893.612.14.camel@dhcp-9-2-203-236.watson.ibm.com>
On Tue, Jun 10, 2014 at 09:24:53PM -0400, Mimi Zohar wrote:
> On Tue, 2014-06-10 at 22:40 +0100, Matthew Garrett wrote:
> > The hole is that the system trusts keys that you don't trust. The
> > appropriate thing to do is to remove that trust from the entire system,
> > not just one layer of the system. If people gain the impression that
> > they can simply pass a kernel parameter and avoid trusting the vendor
> > keys, they'll be upset to discover that it's easily circumvented.
>
> Assuming I remove all the keys I don't trust, there are still keys that
> are trusted while booting, but are not necessary afterwards. We should
> be able to limit the scope of where and when keys are trusted.
Providing a userspace mechanism for selectively dropping keys from the
kernel seems like a good thing?
--
Matthew Garrett | mjg59@srcf.ucam.org
next prev parent reply other threads:[~2014-06-11 2:22 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-03 17:58 [RFC PATCH v5 0/4] ima: extending secure boot certificate chain of trust Mimi Zohar
2014-06-03 17:58 ` [RFC PATCH v5 1/4] KEYS: special dot prefixed keyring name bug fix Mimi Zohar
2014-06-06 21:48 ` Dmitry Kasatkin
2014-06-06 22:00 ` Mimi Zohar
2014-06-09 7:56 ` Dmitry Kasatkin
2014-06-09 8:17 ` Dmitry Kasatkin
2014-06-03 17:58 ` [RFC PATCH v5 2/4] KEYS: verify a certificate is signed by a 'trusted' key Mimi Zohar
2014-06-06 21:50 ` Dmitry Kasatkin
2014-06-09 13:13 ` Dmitry Kasatkin
2014-06-09 13:48 ` Mimi Zohar
2014-06-09 14:57 ` Dmitry Kasatkin
2014-06-03 17:58 ` [RFC PATCH v5 3/4] ima: define '.ima' as a builtin 'trusted' keyring Mimi Zohar
2014-06-06 21:53 ` Dmitry Kasatkin
2014-06-06 23:27 ` Mimi Zohar
2014-06-09 8:45 ` Dmitry Kasatkin
2014-06-03 17:58 ` [RFC PATCH v5 4/4] KEYS: define an owner trusted keyring Mimi Zohar
2014-06-09 12:13 ` Dmitry Kasatkin
2014-06-09 12:51 ` Mimi Zohar
2014-06-09 13:05 ` Dmitry Kasatkin
2014-06-09 13:48 ` Mimi Zohar
2014-06-09 13:58 ` Dmitry Kasatkin
2014-06-09 14:06 ` Dmitry Kasatkin
2014-06-09 16:33 ` Mimi Zohar
2014-06-10 8:48 ` [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only Dmitry Kasatkin
2014-06-10 8:48 ` [PATCH 1/4] KEYS: define an owner trusted keyring Dmitry Kasatkin
2014-06-10 12:24 ` Josh Boyer
2014-06-10 12:41 ` Dmitry Kasatkin
2014-06-10 13:07 ` Mimi Zohar
2014-06-10 8:48 ` [PATCH 2/4] KEYS: fix couple of things Dmitry Kasatkin
2014-06-10 8:48 ` [PATCH 3/4] KEYS: validate key trust only with selected owner key Dmitry Kasatkin
2014-06-12 16:03 ` Vivek Goyal
2014-06-12 16:55 ` Mimi Zohar
2014-06-12 17:00 ` Vivek Goyal
2014-06-12 17:17 ` Mimi Zohar
2014-06-12 17:23 ` Vivek Goyal
2014-06-12 17:23 ` Dmitry Kasatkin
2014-06-12 17:32 ` Vivek Goyal
2014-06-12 17:37 ` Mimi Zohar
2014-06-12 18:36 ` Dmitry Kasatkin
2014-06-12 19:01 ` Vivek Goyal
2014-06-12 19:04 ` Dmitry Kasatkin
2014-06-12 19:05 ` Vivek Goyal
2014-06-12 19:15 ` Dmitry Kasatkin
2014-06-10 8:48 ` [PATCH 4/4] KEYS: validate key trust only with builtin keys Dmitry Kasatkin
2014-06-10 12:20 ` [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only Josh Boyer
2014-06-10 12:52 ` Mimi Zohar
2014-06-10 13:21 ` Dmitry Kasatkin
2014-06-10 13:29 ` Josh Boyer
2014-06-10 14:53 ` Mimi Zohar
2014-06-10 12:58 ` Dmitry Kasatkin
2014-06-10 15:08 ` Matthew Garrett
2014-06-10 20:39 ` Dmitry Kasatkin
[not found] ` <CACE9dm9Ff6b3J=05QfcgBv-c_y=5qGNq1-ZSfo4smtj34i1e-A@mail.gmail.com>
2014-06-10 20:40 ` Matthew Garrett
2014-06-10 21:00 ` Dmitry Kasatkin
2014-06-10 21:17 ` Dmitry Kasatkin
2014-06-10 21:25 ` Matthew Garrett
2014-06-10 21:34 ` Dmitry Kasatkin
2014-06-10 21:40 ` Matthew Garrett
2014-06-10 21:45 ` Dmitry Kasatkin
2014-06-11 1:24 ` Mimi Zohar
2014-06-11 2:22 ` Matthew Garrett [this message]
2014-06-11 3:08 ` Mimi Zohar
2014-06-11 3:23 ` Matthew Garrett
2014-06-11 12:30 ` Mimi Zohar
2014-06-11 15:20 ` Matthew Garrett
2014-06-27 14:16 ` David Howells
2014-06-10 21:40 ` Dmitry Kasatkin
2014-06-10 12:45 ` Mimi Zohar
2014-06-10 12:49 ` Dmitry Kasatkin
2014-06-11 20:49 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140611022222.GA2349@srcf.ucam.org \
--to=mjg59@srcf.ucam.org \
--cc=d.kasatkin@samsung.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=jwboyer@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.