From: josh@joshtriplett.org
To: Andy Lutomirski <luto@amacapital.net>
Cc: Josh Boyer <jwboyer@fedoraproject.org>,
Sarah Sharp <sarah@minilop.net>,
ksummit-discuss@lists.linuxfoundation.org,
Greg KH <gregkh@linuxfoundation.org>,
Julia Lawall <julia.lawall@lip6.fr>,
Darren Hart <darren@dvhart.com>,
Dan Carpenter <dan.carpenter@oracle.com>
Subject: Re: [Ksummit-discuss] [CORE TOPIC] Kernel tinification: shrinking the kernel and avoiding size regressions
Date: Tue, 6 May 2014 10:18:07 -0700 [thread overview]
Message-ID: <20140506171807.GA20776@cloud> (raw)
In-Reply-To: <CALCETrVZJ5swLixykH_qn4K7GDDRqKkXtPeJqdM1LXToRW+uyA@mail.gmail.com>
On Fri, May 02, 2014 at 03:35:28PM -0700, Andy Lutomirski wrote:
> On Fri, May 2, 2014 at 2:39 PM, Josh Boyer <jwboyer@fedoraproject.org> wrote:
> > On Fri, May 2, 2014 at 5:27 PM, James Bottomley
> > <James.Bottomley@hansenpartnership.com> wrote:
> >> On Fri, 2014-05-02 at 17:19 -0400, Josh Boyer wrote:
> >>> On Fri, May 2, 2014 at 5:01 PM, Dave Jones <davej@redhat.com> wrote:
> >>> > On Fri, May 02, 2014 at 04:41:41PM -0400, Theodore Ts'o wrote:
> >>> >
> >>> > > And I think we can also further break this down into the classes of
> >>> > > code which require root privs (i.e., like kexec), and those which can
> >>> > > be used by any userid.
> >>> >
> >>> > In the brave new world of secure boot, we kind of have to care about
> >>> > even the root cases now too [*], but I agree in the general case.
> >>>
> >>> Speaking of that... is it worth my time to propose a "What to do about
> >>> the secure_modules/trusted_kernel/whatever patch set that distros are
> >>> carrying to support Secure Boot? I thought we had agreement and a
> >>> path forward at LPC last year, but things seem to have gotten derailed
> >>> again.
> >>
> >> Would you believe we're just discussing with the distros how we might
> >> re-engineer the Linux secure boot process. Unfortunately the details
> >
> > I would believe it.
> >
> >> depend on a UEFI forum proposal that are UEFI confidential at this time,
> >> but you can probably pick them up from Peter Jones, since you're a Red
> >> Hat employee. One of the side effects of this, if it happens, will be
> >
> > OK.
> >
> >> to separate Linux secure boot policy from Microsoft's binary signing
> >> requirements which might take some of the heat out of the arguments
> >> about which parts of the patch are to please microsoft and refocus the
> >> debate towards how we make better use of secure boot. I'll try and
> >> ensure that either the proposals are public by KS or that we have
> >> permission to share the details.
> >
> > The objectionable parts having to do with signing aren't even in the
> > patchset Matthew has posted. That's the initial set he tried to get
> > pulled in and failed. If the proposal drastically changes that
> > approach I'd be surprised (maybe pleasantly).
>
> FWIW, I really don't like the approach where we say that the kernel
> must be inviolate but that user code can do whatever it likes as long
> as the kernel isn't compromised. This may be needed to comply with
> current MS/UEFI policy, but I think it largely misses the point wrt
> actual security.
>
> If the policy can change, then that might be a huge win.
We shouldn't give up on securing userspace, either; protecting the
kernel is necessary but not sufficient. But I do think it's worthwhile
to enforce "root != kernel", quite apart from any "secure boot"
requirements. That's what Matthew's patches primarily serve to do: make
root not kernel-equivalent.
- Josh Triplett
next prev parent reply other threads:[~2014-05-06 17:18 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-02 16:44 Josh Triplett
2014-05-02 17:11 ` Dave Jones
2014-05-02 17:20 ` James Bottomley
2014-05-02 17:33 ` Dave Jones
2014-05-02 17:46 ` Josh Boyer
2014-05-02 18:50 ` H. Peter Anvin
2014-05-02 19:02 ` Josh Boyer
2014-05-02 19:03 ` Michael Kerrisk (man-pages)
2014-05-02 19:33 ` Theodore Ts'o
2014-05-02 19:38 ` Jiri Kosina
2014-05-02 19:49 ` Dave Jones
2014-05-02 20:06 ` Steven Rostedt
2014-05-02 20:41 ` Theodore Ts'o
2014-05-02 21:01 ` Dave Jones
2014-05-02 21:19 ` Josh Boyer
2014-05-02 21:23 ` Jiri Kosina
2014-05-02 21:36 ` Josh Boyer
2014-05-02 21:27 ` James Bottomley
2014-05-02 21:39 ` Josh Boyer
2014-05-02 22:35 ` Andy Lutomirski
2014-05-06 17:18 ` josh [this message]
2014-05-06 17:31 ` Andy Lutomirski
2014-05-09 18:22 ` H. Peter Anvin
2014-05-09 20:37 ` Andy Lutomirski
2014-05-09 22:50 ` Josh Triplett
2014-05-10 0:23 ` James Bottomley
2014-05-10 0:38 ` Andy Lutomirski
2014-05-10 3:44 ` Josh Triplett
2014-05-03 17:30 ` James Bottomley
2014-05-02 21:56 ` tytso
2014-05-02 20:45 ` Ben Hutchings
2014-05-02 21:03 ` Dave Jones
2014-05-03 13:37 ` Michael Kerrisk (man-pages)
2014-05-03 13:35 ` Michael Kerrisk (man-pages)
2014-05-03 13:32 ` Michael Kerrisk (man-pages)
2014-05-02 19:03 ` Mark Brown
2014-05-02 19:45 ` Luck, Tony
2014-05-02 21:03 ` Mark Brown
2014-05-02 21:08 ` Dave Jones
2014-05-02 21:14 ` Andy Lutomirski
2014-05-02 21:21 ` Luck, Tony
2014-05-02 21:38 ` H. Peter Anvin
2014-05-03 1:21 ` Mark Brown
2014-05-07 12:35 ` David Woodhouse
2014-05-09 15:51 ` Mark Brown
2014-05-02 17:33 ` Guenter Roeck
2014-05-02 17:44 ` Steven Rostedt
2014-05-07 11:32 ` David Woodhouse
2014-05-07 16:38 ` James Bottomley
2014-05-02 22:04 ` Jan Kara
2014-05-05 23:45 ` Bird, Tim
2014-05-06 2:14 ` H. Peter Anvin
2014-05-09 16:22 ` Josh Triplett
2014-05-09 16:59 ` Bird, Tim
2014-05-09 17:23 ` josh
2014-05-08 15:52 ` Christoph Lameter
2014-05-12 17:35 ` Wolfram Sang
2014-05-13 16:36 ` Bird, Tim
2014-05-13 18:00 ` josh
2014-05-14 1:04 ` Julia Lawall
2014-08-17 9:45 ` [Ksummit-discuss] tiny.wiki.kernel.org Josh Triplett
2014-05-08 16:24 [Ksummit-discuss] [CORE TOPIC] Kernel tinification: shrinking the kernel and avoiding size regressions Christoph Lameter
2014-05-09 0:31 ` James Bottomley
2014-05-09 14:48 ` Christoph Lameter
2014-05-09 16:24 ` Steven Rostedt
2014-05-09 16:55 ` Christoph Lameter
2014-05-09 17:21 ` josh
2014-05-09 17:42 ` James Bottomley
2014-05-09 17:52 ` Christoph Lameter
2014-05-09 18:32 ` Steven Rostedt
2014-05-09 19:02 ` Julia Lawall
2014-05-09 20:31 ` Steven Rostedt
2014-05-09 17:52 ` Matthew Wilcox
2014-05-12 18:06 ` Dave Hansen
2014-05-12 20:20 ` Roland Dreier
2014-05-14 2:37 ` Li Zefan
2014-05-15 19:41 ` H. Peter Anvin
2014-05-15 20:00 ` Greg KH
2014-05-15 20:29 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140506171807.GA20776@cloud \
--to=josh@joshtriplett.org \
--cc=dan.carpenter@oracle.com \
--cc=darren@dvhart.com \
--cc=gregkh@linuxfoundation.org \
--cc=julia.lawall@lip6.fr \
--cc=jwboyer@fedoraproject.org \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=luto@amacapital.net \
--cc=sarah@minilop.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox