From mboxrd@z Thu Jan 1 00:00:00 1970 From: torvalds@linux-foundation.org (Linus Torvalds) Date: Tue, 3 Apr 2018 17:02:46 -0700 Subject: [GIT PULL] Kernel lockdown for secure boot In-Reply-To: References: <4136.1522452584@warthog.procyon.org.uk> <186aeb7e-1225-4bb8-3ff5-863a1cde86de@kernel.org> <30459.1522739219@warthog.procyon.org.uk> <9758.1522775763@warthog.procyon.org.uk> <13189.1522784944@warthog.procyon.org.uk> <9349.1522794769@warthog.procyon.org.uk> Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Tue, Apr 3, 2018 at 4:47 PM, Matthew Garrett wrote: >> Another way of looking at this: if lockdown is a good idea to enable >> when you booted using secure boot, then why isn't it a good idea when >> you *didn't* boot using secure boot? > > Because it's then trivial to circumvent and the restrictions aren't worth > the benefit. Bullshit. If there those restrictions cause problems, they need to be fixed regardless. In fact, from a debuggability standpoint, you want to find the problems early, on those kernel development machines that had secure boot explicitly turned off because it's such a pain. And if they can't be fixed, then the user is going to disable lockdown regardless of how he booted the machine. In no situation is "depending on how you booted" a good choice. Either you can enable it or you can't. If you can, good. And if you can't, it has nothing to do with secure boot. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html