Re: [GIT PULL] Kernel lockdown for secure boot

From: Matthew Garrett
Date: Wed Apr 04 2018 - 12:22:26 EST

Next message: Kees Cook: "Re: [PATCH] mmc: pwrseq: Use kmalloc_array instead of stack VLA"
Previous message: David Lechner: "Re: [PATCH v8 25/42] ARM: davinci: dm644x: add new clock init using common clock framework"
In reply to: Theodore Y. Ts'o: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 4, 2018 at 6:52 AM Theodore Y. Ts'o <tytso@xxxxxxx> wrote:

> On Wed, Apr 04, 2018 at 02:33:37PM +0100, David Howells wrote:
> > Theodore Y. Ts'o <tytso@xxxxxxx> wrote:
> >
> > > Whoa. Why doesn't lockdown prevent kexec? Put another away, why
> > > isn't this a problem for people who are fearful that Linux could be
> > > used as part of a Windows boot virus in a Secure UEFI context?
> >
> > Lockdown mode restricts kexec to booting an authorised image (where the
> > authorisation may be by signature or by IMA).

> If that's true, then Matthew's assertion that lockdown w/o secure boot
> is insecure goes away, no?

If you don't have secure boot then an attacker with root can modify your
bootloader or kernel, and on next boot lockdown can be silently disabled.

Next message: Kees Cook: "Re: [PATCH] mmc: pwrseq: Use kmalloc_array instead of stack VLA"
Previous message: David Lechner: "Re: [PATCH v8 25/42] ARM: davinci: dm644x: add new clock init using common clock framework"
In reply to: Theodore Y. Ts'o: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]