From: Matthew Garrett <mjg59@google.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: luto@kernel.org, David Howells <dhowells@redhat.com>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, jmorris@namei.org, Alan Cox <gnomes@lxorguk.ukuu.org.uk>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, jforbes@redhat.com, linux-man@vger.kernel.org, jlee@suse.com, LSM List <linux-security-module@vger.kernel.org>, linux-api@vger.kernel.org, Kees Cook <keescook@chromium.org>, linux-efi <linux-efi@vger.kernel.org>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
Date: Wed, 04 Apr 2018 16:17:55 +0000
Message-ID: <CACdnJuuvXsTnmJXWjyZF15TUGo-=t__ae8EtW94FKByWEMmdEQ@mail.gmail.com>
In-Reply-To: <CA+55aFyyom+jje0Q8xwLfKCWGkRbWC2Gan6xPOPWaqBCSS=5Ow@mail.gmail.com>

On Wed, Apr 4, 2018 at 9:09 AM Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Tue, Apr 3, 2018 at 9:30 PM, Matthew Garrett <mjg59@google.com> wrote:
> >
> > Bear in mind that I'm talking about defaults here
>
> Matthew, I really want you to look yourself in the mirror.
>
> Those defaults are really horrible defaults for real technical reasons.
> You asked me why when I questioned this, but then when I replied, you
> entirely ignored it.
>
> So let me repeat: the defaults are *horrible*. They are horrible for a
> very simple reason: kernel behavior changes that depend on some subtle
> boot difference are truly nasty to debug, and nasty to get coverage
> for.

They're the defaults that the mainline distros have been shipping for years. So what are you actually asking for here?

If you're saying that it should be possible to enable the lockdown functionality even in the absence of any kind of verified boot, then yes, I agree - I just think it makes a poor distro default to have that be the case out of the box.

If you're saying that it should be possible to disable the lockdown functionality even in the presence of any kind of verified boot, then yes, I agree - I just think it makes a poor distro default to have that be the case out of the box.

You're arguing against a patch that provides the default policy that distros want to ship.
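The policy under discussion couples two independently observable states: whether the firmware booted with Secure Boot enforced, and whether the kernel is in lockdown. The script below is an added example (not code from the patch series or from any participant in this thread) that reads both and reports which of the four combinations the machine is in, so an administrator can see whether the distro default Garrett describes (lockdown on exactly when Secure Boot is on) actually holds, or whether one side has been overridden. It assumes the interfaces of the lockdown LSM as later merged into mainline (the `/sys/kernel/security/lockdown` file, which reads like `none [integrity] confidentiality`), not the 2018 patch set itself, and the efivarfs layout in which each variable file carries four attribute bytes followed by the variable data. The sample files used in the usage note are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example: report Secure Boot state and kernel lockdown mode, then
# classify the combination against the "lockdown iff Secure Boot" default.
# Assumes the post-5.4 lockdown LSM sysfs file and efivarfs; file paths are
# parameters so the functions can be exercised against constructed inputs.

# efivarfs exposes 4 bytes of attributes followed by the variable data.
# For SecureBoot the data is one byte: 1 = enforced, 0 = off.
secure_boot_state() {
    f="$1"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')
    case "$v" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# /sys/kernel/security/lockdown lists all modes with the active one bracketed,
# e.g. "none [integrity] confidentiality"; extract the bracketed word.
lockdown_mode() {
    f="$1"
    [ -r "$f" ] || { echo "unavailable"; return 0; }
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f"
}

# Classify the pair relative to the distro default argued for in the thread.
classify() {
    sb="$1"; ld="$2"
    case "$sb:$ld" in
        enabled:integrity|enabled:confidentiality)
            echo "expected: secure boot with lockdown" ;;
        enabled:none)
            echo "secure boot without lockdown: kernel can be modified from root" ;;
        disabled:none)
            echo "expected: no secure boot, no lockdown" ;;
        disabled:integrity|disabled:confidentiality)
            echo "lockdown without secure boot: opt-in hardening" ;;
        *)
            echo "indeterminate ($sb/$ld)" ;;
    esac
}

main() {
    # The SecureBoot variable name is suffixed with the EFI global variable GUID.
    sbvar=$(ls /sys/firmware/efi/efivars/SecureBoot-* 2>/dev/null | head -n1)
    sb=$(secure_boot_state "${sbvar:-/nonexistent}")
    ld=$(lockdown_mode /sys/kernel/security/lockdown)
    echo "secure boot: $sb"
    echo "lockdown:    $ld"
    classify "$sb" "$ld"
}

main "$@"
```

Run it as root on an EFI machine to see the live values; on a non-EFI or pre-lockdown kernel it reports `unknown`/`unavailable` rather than guessing. To exercise the functions without real firmware, source the file and feed them constructed inputs, for example a five-byte file whose last byte is `\001` for `secure_boot_state` and a one-line file reading `none [integrity] confidentiality` for `lockdown_mode`.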