From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756820AbdKNWen (ORCPT ); Tue, 14 Nov 2017 17:34:43 -0500 Received: from mail-io0-f193.google.com ([209.85.223.193]:47465 "EHLO mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755497AbdKNWec (ORCPT ); Tue, 14 Nov 2017 17:34:32 -0500 X-Google-Smtp-Source: AGs4zMYOqSIdme/TTpgh6JThDIGdWw0uNTP8lCA03JZd90JzkUVY12Wzks40chdpQNCujiO35sJ6b0Td8VQvvJkS6Nc= MIME-Version: 1.0 In-Reply-To: <1510698696.7703.21.camel@HansenPartnership.com> References: <20171109044619.GG7859@linaro.org> <20171111023240.2398ca55@alans-desktop> <20171113174250.GA22894@wotan.suse.de> <20171113210848.4dc344bd@alans-desktop> <454.1510609487@warthog.procyon.org.uk> <1510662098.3711.139.camel@linux.vnet.ibm.com> <20171114205014.GJ729@wotan.suse.de> <1510697658.7703.12.camel@HansenPartnership.com> <1510698696.7703.21.camel@HansenPartnership.com> From: Matthew Garrett Date: Tue, 14 Nov 2017 14:34:30 -0800 Message-ID: Subject: Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown To: James Bottomley Cc: "Luis R. Rodriguez" , Linus Torvalds , Johannes Berg , Mimi Zohar , David Howells , Alan Cox , "AKASHI, Takahiro" , Greg Kroah-Hartman , Jan Blunck , Julia Lawall , Marcus Meissner , Gary Lin , LSM List , linux-efi , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 14, 2017 at 2:31 PM, James Bottomley wrote: > On Tue, 2017-11-14 at 14:17 -0800, Matthew Garrett wrote: >> Measured boot has a great deal of value in the sealing of private >> material, even in the absence of attestation. The way Microsoft make >> use of PCR7 is a good example of how signatures make this easier - >> achieving the same goal with a full measurement of the boot chain >> instead of relying on signature validation results in significantly >> more fragility. > > OK, so I agree that if you have sealed something required for boot (and > have the capability for resealing it on OS upgrade) you can use > measurements locally. However, I don't believe we have any systems > today in Linux which can do this (we have theoretical ideas about how > we might do it with LUKS root keys and one day we might actually have > the infrastructure to make it viable for a standard laptop). It's used for TPMTOTP, for instance. > Absent that, secure boot provides a reasonable measure of security > which works with today's infrastructure. > > Note: this doesn't mean I necessarily want signatures everywhere (like > firmware). We can sign elements in blobs that provide the effective > security without needing more granular signatures. To be clear - I'm arguing in favour of signatures here. Measured boot is much easier to work with in their presence.