linux-kernel.vger.kernel.org archive mirror
From: Vivek Goyal <vgoyal@redhat.com>
To: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Greg KH <gregkh@linuxfoundation.org>,
	David Howells <dhowells@redhat.com>,
	Florian Weimer <fw@deneb.enyo.de>,
	Josh Boyer <jwboyer@redhat.com>, Peter Jones <pjones@redhat.com>,
	Kees Cook <keescook@chromium.org>,
	keyrings@linux-nfs.org,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [GIT PULL] Load keys from signed PE binaries
Date: Tue, 26 Feb 2013 10:38:46 -0500
Message-ID: <20130226153846.GA16094@redhat.com>
In-Reply-To: <20130226153045.GA10535@redhat.com>

On Tue, Feb 26, 2013 at 10:30:45AM -0500, Vivek Goyal wrote:
> On Tue, Feb 26, 2013 at 04:57:47AM +0000, Matthew Garrett wrote:
> 
> [..]
> > >  - encourage things like per-host random keys - with the stupid UEFI
> > > checks disabled entirely if required. They are almost certainly going
> > > to be *more* secure than depending on some crazy root of trust based
> > > on a big company, with key signing authorities that trust anybody with
> > > a credit card. Try to teach people about things like that instead.
> > > Encourage people to do their own (random) keys, and adding those to
> > > their UEFI setups (or not: the whole UEFI thing is more about control
> > > than security), and strive to do things like one-time signing with the
> > > private key thrown out entirely. IOW try to encourage *that* kind of
> > > "we made sure to ask the user very explicitly with big warnings and
> > > create his own key for that particular module" security. Real
> > > security, not "we control the user" security.
> > 
> > Yes, ideally people will engage in self-signing and distributions will 
> > have mechanisms for dealing with that.
> 
> So even if a user installs its own keys in UEFI to boot a self-signed
> shim, kernel and modules, I am assuming that we will still need to
> make sure kexec does not load and run an unsigned kernel? (Otherwise
> there is no point in installing user keys in UEFI and there is an
> easy way to bypass it).

As I am kind of lost in the long mail thread, I will ask. If a user
installs its own keys in the UEFI database and boots a self-signed Linux
kernel, will we still make sure that no unsigned code can be run at
ring 0 (without explicitly asking the user on the console)?

Thanks
Vivek
