Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down

[PATCH V31 00/25] Add support for kernel lockdown · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 01/25] Add the ability to lock down access to the running kernel image · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 02/25] Enforce module signatures if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 03/25] Restrict /dev/{mem,kmem,port} when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 05/25] Copy secure_boot flag in boot params across kexec reboot · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · Matthew Garrett <hidden> · 2019-03-26
Re: [PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · Dave Young <hidden> · 2019-06-21
Re: [PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · Matthew Garrett <hidden> · 2019-06-21
Re: [PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · Matthew Garrett <hidden> · 2019-06-21
[PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Dave Young <hidden> · 2019-06-21
Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Matthew Garrett <hidden> · 2019-06-21
Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Dave Young <hidden> · 2019-06-24
Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Matthew Garrett <hidden> · 2019-06-24
Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-24
Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Matthew Garrett <hidden> · 2019-06-25
Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Mimi Zohar <zohar@linux.ibm.com> · 2019-06-25
Re: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down · Dave Young <hidden> · 2019-06-25
[PATCH V31 09/25] uswsusp: Disable when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 11/25] x86: Lock down IO port access when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
Re: [PATCH V31 11/25] x86: Lock down IO port access when the kernel is locked down · Andy Lutomirski <luto@kernel.org> · 2019-03-26
[PATCH V31 12/25] x86/msr: Restrict MSR access when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 14/25] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 16/25] Prohibit PCMCIA CIS storage when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 17/25] Lock down TIOCSSERIAL · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 18/25] Lock down module params that specify hardware parameters (eg. ioport) · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 20/25] Lock down /proc/kcore · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode · Matthew Garrett <hidden> · 2019-03-26
Re: [PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode · Andy Lutomirski <luto@kernel.org> · 2019-03-26
[PATCH V31 23/25] Lock down perf when in confidentiality mode · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 24/25] lockdown: Print current->comm in restriction messages · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Andy Lutomirski <luto@kernel.org> · 2019-03-26
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Greg KH <gregkh@linuxfoundation.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Andy Lutomirski <luto@kernel.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Greg KH <gregkh@linuxfoundation.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Andy Lutomirski <luto@amacapital.net> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Greg KH <gregkh@linuxfoundation.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · James Morris <jmorris@namei.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Andy Lutomirski <luto@kernel.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Matthew Garrett <hidden> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Greg KH <gregkh@linuxfoundation.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Greg KH <gregkh@linuxfoundation.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Greg KH <gregkh@linuxfoundation.org> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Matthew Garrett <hidden> · 2019-03-27
Re: [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down · Greg KH <gregkh@linuxfoundation.org> · 2019-03-27
[PATCH V31 21/25] Lock down kprobes when in confidentiality mode · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module · Matthew Garrett <hidden> · 2019-03-26
Re: [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module · Steven Rostedt <rostedt@goodmis.org> · 2019-03-27
Re: [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module · Matthew Garrett <hidden> · 2019-03-27
[PATCH V31 15/25] acpi: Disable ACPI table override if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 13/25] ACPI: Limit access to custom_method when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
Re: [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down · Andy Lutomirski <luto@kernel.org> · 2019-03-26
Re: [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down · Alex Williamson <hidden> · 2019-03-26
[PATCH V31 08/25] hibernate: Disable when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26
[PATCH V31 04/25] kexec_load: Disable at runtime if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-26

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2019-06-24 21:27:49
Also in: kexec, linux-security-module, lkml

Hi Matthew,

On Mon, 2019-06-24 at 14:06 -0700, Matthew Garrett wrote:

On Sun, Jun 23, 2019 at 6:52 PM Dave Young [off-list ref] wrote:

quoted

On 06/21/19 at 01:18pm, Matthew Garrett wrote:

quoted

I don't think so - we want it to be possible to load images if they
have a valid signature.

I know it works like this way because of the previous patch.  But from
the patch log "When KEXEC_SIG is not enabled, kernel should not load
images", it is simple to check it early for !IS_ENABLED(CONFIG_KEXEC_SIG) &&
kernel_is_locked_down(reason, LOCKDOWN_INTEGRITY)  instead of depending
on the late code to verify signature.  In that way, easier to
understand the logic, no?

But that combination doesn't enforce signature validation? We can't
depend on !IS_ENABLED(CONFIG_KEXEC_SIG_FORCE) because then it'll
enforce signature validation even if lockdown is disabled.

I agree with Dave.  There should be a stub lockdown function to
prevent enforcing lockdown when it isn't enabled.

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help