[GIT PULL] Kernel lockdown for secure boot

[GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-03-30
Re: [GIT PULL] Kernel lockdown for secure boot · James Morris <jmorris@namei.org> · 2018-03-31
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-03-31
Re: [GIT PULL] Kernel lockdown for secure boot · Ard Biesheuvel <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · James Morris <jmorris@namei.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Alan Cox <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Kees Cook <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@amacapital.net> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Alexei Starovoitov <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Alan Cox <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Alan Cox <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Mike Galbraith <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Justin Forbes <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Dolding <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Dolding <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Dolding <hidden> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Justin Forbes <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Jann Horn <jannh@google.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@amacapital.net> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · David Howells <dhowells@redhat.com> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Kees Cook <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Kees Cook <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Jones <pjones@redhat.com> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Thomas Gleixner <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-04
Re: [GIT PULL] Kernel lockdown for secure boot · Andy Lutomirski <luto@kernel.org> · 2018-04-05
Re: [GIT PULL] Kernel lockdown for secure boot · Peter Dolding <hidden> · 2018-04-06
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Al Viro <viro@ZenIV.linux.org.uk> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Linus Torvalds <torvalds@linux-foundation.org> · 2018-04-03
Re: [GIT PULL] Kernel lockdown for secure boot · Matthew Garrett <hidden> · 2018-04-03
[PATCH next-lockdown 0/1] debugfs EPERM fix for 'Kernel lockdown for secure boot' patch series · Vasily Gorbik <gor@linux.ibm.com> · 2018-11-21
[PATCH next-lockdown 1/1] debugfs: avoid EPERM when no open file operation defined · Vasily Gorbik <gor@linux.ibm.com> · 2018-11-21

From: luto@kernel.org (Andy Lutomirski)
Date: 2018-04-03 19:01:32
Also in: linux-api, linux-efi, linux-man, lkml

On Apr 3, 2018, at 10:16 AM, David Howells [off-list ref] wrote:

Andy Lutomirski [off-list ref] wrote:

quoted

A kernel that allows users arbitrary access to ring 0 is just an
overfeatured bootloader. Why would you want secure boot in that case?

To get a chain of trust.

You don't have a chain of trust that you can trust in that case.

Please elaborate on why I can?t trust it. Please also elaborate on how
lockdown helps at all.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help