[GIT PULL] Kernel lockdown for secure boot
viro at ZenIV.linux.org.uk
Tue Apr 3 21:21:02 UTC 2018
On Tue, Apr 03, 2018 at 09:08:54PM +0000, Matthew Garrett wrote:
> > The fact is, some hardware pushes secure boot pretty hard. That has
> > *nothing* to do with some "lockdown" mode.
> Secure Boot ensures that the firmware will only load signed bootloaders. If
> a signed bootloader loads a kernel that's effectively an unsigned
> bootloader, there's no point in using Secure Boot - you should just turn it
> off instead, because it's not giving you any meaningful security. Andy's
> example gives a scenario where by constraining your *userland* sufficiently
> you can get close to having the same guarantees, but that involves you
> having a read-only filesystem and takes you even further away from having a
> general purpose computer.
> If you don't want Secure Boot, turn it off. If you want Secure Boot, use a
> kernel that behaves in a way that actually increases your security.
That assumes you *can* turn that shit off. On the hardware where the manufacturer
has installed firmware that doesn't allow that, SB is a misfeature that has
to be worked around. Making that harder might improve the value of SB to
said manufacturers, but what's the benefit for everybody else?