Re: [PATCH v10 8/8] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true

From: Michal Suchánek
Date: Mon Apr 11 2022 - 17:35:36 EST


On Mon, Apr 11, 2022 at 08:34:55PM +0000, Eric Snowberg wrote:
>
>
> > On Apr 11, 2022, at 11:24 AM, Michal Suchánek <msuchanek@xxxxxxx> wrote:
> >
> > On Mon, Apr 11, 2022 at 04:39:42PM +0000, Eric Snowberg wrote:
> >>
> >>
> >>> On Apr 11, 2022, at 5:06 AM, Michal Suchánek <msuchanek@xxxxxxx> wrote:
> >>>
> >>> Hello,
> >>>
> >>> On Tue, Jan 25, 2022 at 09:58:34PM -0500, Eric Snowberg wrote:
> >>>> With the introduction of uefi_check_trust_mok_keys, it signifies the end-
> >>>
> >>> What value does such flag have?
> >>>
> >>> The user is as much in control of the flag as the MOK keys.
> >>
> >> The flag allows the system owner (not root) the ability to determine
> >> if they want to load MOKList into the machine keyring. Keys contained
> >> in the machine keyring are then linked to the secondary. The flag is no
> >> different than the '—ignore-db' currently available in shim, which then
> >> gets propagated to Linux (uefi_check_ignore_db). These flags can be
> >> set by the system owner, who can prove physical presence.
> >
> > Managing the MOK keys requires physical presence equally.
> >
> > Moreover, these keys are trusted for running code at ring0, in fact the
> > running kernel is expected to be signed by one of them, and can be
> > signed by any of them.
> >
> > Then what exact purpose does this extra flag serve?
> >
> > If such compile-time flag exists in the kernel it cannot be overriden by
> > the root once the kernel is signed, either.
> >
> >>>> user wants to trust the machine keyring as trusted keys. If they have
> >>>> chosen to trust the machine keyring, load the qualifying keys into it
> >>>> during boot, then link it to the secondary keyring . If the user has not
> >>>> chosen to trust the machine keyring, it will be empty and not linked to
> >>>> the secondary keyring.
> >>>
> >>> Why is importing the keys and using them linked together?
> >>>
> >>> If later we get, say, machine keyring on powerpc managed by secvarctl
> >>> then it has its value to import the keyring and be able to list the
> >>> content with the same tools on EFI and powerpc.
> >>
> >> The machine keyring is linked to the secondary keyring, exactly the same way
> >> the builtin is linked to it. Linking this way should eliminate the need to change
> >> any user space tools to list the contents.
> >
> > That's answer to a completely different question, though.
> >
> > You either import the keys and use them, or you don't use them and don't
> > import them. The option to import and not use is not available.
>
> Why import something into a keyring that can not be used?
>
> MOKList keys get imported into one of two keyrings, either the machine or the
> platform. If uefi_check_trust_mok_keys returns false, the MOKList keys are
> loaded into the platform along with the UEFI SB DB keys. If true, they are loaded
> into the machine keyring.

Ooh, such quirky and convoluted design. Not sure how anyone is supposed
to make any sense of this but hey, none of this can possibly change to
not break something.

Now I at least know.

Thanks

Michal