Re: [PATCH 06/24] Add a sysrq option to exit secure boot mode

From: Ard Biesheuvel
Date: Fri Apr 14 2017 - 14:15:59 EST


On 14 April 2017 at 19:05, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> On Wed, 5 Apr 2017, David Howells wrote:
>
>> From: Kyle McMartin <kyle@xxxxxxxxxx>
>>
>> Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
>> kernel image to be modified. This lifts the lockdown.
>>
>> Signed-off-by: Kyle McMartin <kyle@xxxxxxxxxx>
>> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
>> cc: x86@xxxxxxxxxx
>
> Matt, Ard?
>
> Any opinions on this?
>

From an EFI point of view, there is not a lot to see here. I think
having a SysRq to lift lockdown makes sense, although I think we
should avoid 'secure boot' when referring to lockdown because they are
really two different things. As someone else pointed out, you may have
other ways of trusting your kernel, in which case you should be able
to lock it down as well.

That does bring me to another EFI related point: many of these patches
are x86 specific for no good reason. We have been working really hard
over the past couple of years to move EFI plumbing into
drivers/firmware/efi, and things that are not intimately related to an
architecture should ideally be implemented there. Looking at the
diffstat of this patch, I don't see why this should be an x86-only
feature.

In general, though, I think this should be two patches, one that
introduces the functionality to restrict some SysRq keys to console
only, and one that adds the 'x' for lockdown lift.

I haven't gotten around to responding to David's general email
regarding the point of all of this. I will do so asap, but it will
need to wait until Tuesday at least.

--
Ard.

