Re: Trusted kernel patchset for Secure Boot lockdown

From: Matthew Garrett
Date: Fri Mar 14 2014 - 11:58:29 EST

Next message: Valdis Kletnieks: "ACPICA 20140214 auto-serialize weirds my machine..."
Previous message: Mika Westerberg: "[PATCH v3 5/5] gpio / ACPI: Add support for ACPI GPIO operation regions"
In reply to: Kees Cook: "Re: Trusted kernel patchset for Secure Boot lockdown"
Next in thread: One Thousand Gnomes: "Re: Trusted kernel patchset for Secure Boot lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2014-03-14 at 08:54 -0700, Kees Cook wrote:

> All the more reason to ignore command line at this point. For Chrome
> OS, it's part of our boot state, so we don't care about it. For
> generic Secure Boot, we can add checks for dangerous stuff as we go
> forward. That's why I like this interface -- we can add to it as we
> identify bad stuff, and it stay separate from other semantics.

Sure, it's just another reason not to want to use a capability-based
interface - not all the policy we want to impose is related to
processes, so capabilities really don't make sense. The current patchset
adds a restriction to the acpi_rsdp argument, and I've no objection to
adding one to limit the use of mem=.

--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>

Next message: Valdis Kletnieks: "ACPICA 20140214 auto-serialize weirds my machine..."
Previous message: Mika Westerberg: "[PATCH v3 5/5] gpio / ACPI: Add support for ACPI GPIO operation regions"
In reply to: Kees Cook: "Re: Trusted kernel patchset for Secure Boot lockdown"
Next in thread: One Thousand Gnomes: "Re: Trusted kernel patchset for Secure Boot lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]