[GIT PULL] Kernel lockdown for secure boot

Andy Lutomirski luto at kernel.org
Tue Apr 3 23:48:31 UTC 2018


On Tue, Apr 3, 2018 at 4:39 PM, David Howells <dhowells at redhat.com> wrote:
> Linus Torvalds <torvalds at linux-foundation.org> wrote:
>
>> The same thing is true of some lockdown patch. Maybe it's a good thing
>> in general. But whether it's a good thing is _entirely_ independent of
>> any secure boot issue. I can see using secure boot without it, but I
>> can very much also see using lockdown without secure boot.
>>
>> The two things are simply entirely orthogonal. They have _zero_
>> overlap. I'm not seeing why they'd be linked at all in any way.
>
> I'm not sure I agree.  Here's my reasoning:
>
>  (1) Lockdown mode really needs to be activated during kernel boot, before
>      userspace has a chance to run, otherwise there's a window of opportunity
>      in which the kernel *isn't* locked down.

That's simply not true.  A sensible verified boot chain (a la Chrome
OS) is likely to load, as one verified chunk, a kernel and initramfs.
Then initramfs can flip on lockdown all by itself before it enables
networking or any other attack vectors.
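The initramfs step described in the reply above, as an added example that is not part of the original message or of the patch set under discussion: an init fragment that raises lockdown and reports failure unless the kernel confirms it, so networking is never started on an unlocked kernel. It assumes the `/sys/kernel/security/lockdown` securityfs file of later mainline kernels (5.4 and newer) with securityfs already mounted; the function names are hypothetical.

```shell
#!/bin/sh
# Added example for an initramfs /init; helper names are hypothetical.
# Assumption: securityfs is mounted and exposes the mainline (5.4+) lockdown
# file, which reads like "none [integrity] confidentiality".
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# Print the active level: the bracketed word in the file named by $1.
lockdown_active_level() {
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1"
}

# Map a level name to a rank; anything unrecognised ranks below "none".
level_rank() {
    case "$1" in
        none) echo 0 ;;
        integrity) echo 1 ;;
        confidentiality) echo 2 ;;
        *) echo -1 ;;
    esac
}

# Succeed only if current level $1 is at least the wanted level $2.
lockdown_satisfies() {
    [ "$(level_rank "$2")" -gt 0 ] &&
        [ "$(level_rank "$1")" -ge "$(level_rank "$2")" ]
}

# Raise lockdown to $1 and confirm by reading the state back.
# Fails closed: a missing file, a rejected write or an unexpected state
# all return 1.
enable_lockdown() {
    want="$1"
    [ -r "$LOCKDOWN_FILE" ] || return 1
    cur=$(lockdown_active_level "$LOCKDOWN_FILE")
    # The kernel rejects writes that do not raise the level, so skip them.
    lockdown_satisfies "$cur" "$want" && return 0
    { echo "$want" > "$LOCKDOWN_FILE"; } 2>/dev/null || return 1
    cur=$(lockdown_active_level "$LOCKDOWN_FILE")
    lockdown_satisfies "$cur" "$want"
}

# Intended call site in /init, before any network setup:
#   enable_lockdown integrity || { echo "lockdown not active" >&2; exit 1; }
```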