Re: [GIT PULL] Kernel lockdown for secure boot

(off-list ancestor, not in this archive)
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Kees Cook <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@amacapital.net> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Alexei Starovoitov <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Alan Cox <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Alan Cox <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Mike Galbraith <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Justin Forbes <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Dolding <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Pavel Machek <hidden> · 2018-04-08
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Dolding <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Dolding <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Justin Forbes <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Jann Horn <jannh@google.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@amacapital.net> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Pavel Machek <hidden> · 2018-04-08
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Jones <pjones@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Thomas Gleixner <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Dolding <hidden> · 2018-04-06
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Al Viro <viro@ZenIV.linux.org.uk> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Pavel Machek <hidden> · 2018-04-08

From: Matthew Garrett <hidden>
Date: 2018-04-03 16:30:01
Also in: linux-efi, linux-man, linux-security-module, lkml

Possibly related (same subject, not in this thread)

2018-04-09 · Re: [GIT PULL] Kernel lockdown for secure boot · joeyli <jlee@suse.com>
2018-04-09 · Re: [GIT PULL] Kernel lockdown for secure boot · Daniel Borkmann <daniel@iogearbox.net>
2018-04-09 · Re: [GIT PULL] Kernel lockdown for secure boot · Alexei Starovoitov <hidden>
2018-04-08 · Re: [GIT PULL] Kernel lockdown for secure boot · joeyli <jlee@suse.com>
2018-04-08 · Re: [GIT PULL] Kernel lockdown for secure boot · joeyli <jlee@suse.com>

On Tue, Apr 3, 2018 at 8:11 AM Andy Lutomirski [off-list ref] wrote:

Can you explain that much more clearly?  I'm asking why booting via
UEFI Secure Boot should enable lockdown, and I don't see what this has
to do with kexec.  And "someone blacklist[ing] your key in the
bootloader" sounds like a political issue, not a technical issue.

A kernel that allows users arbitrary access to ring 0 is just an
overfeatured bootloader. Why would you want secure boot in that case?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help