Re: Trusted kernel patchset for Secure Boot lockdown

From: Matthew Garrett
Date: Fri Mar 14 2014 - 16:44:13 EST


On Fri, 2014-03-14 at 13:37 -0700, David Lang wrote:
> On Fri, 14 Mar 2014, Matthew Garrett wrote:
> > As an example, imagine a platform with the bootloader and kernel on
> > read-only media. The platform can assert that the kernel is trusted even
> > if there's no measurement of the kernel.
>
> Trusted by who?

The platform. If you don't trust the platform's ability to make that
decision then that's something that informs your own behaviour, not the
platform's.

> Alan is saying measured because then if it matches what the owner of that device
> intends it's trusted, but just because you trust it doesn't mean that I trust
> it, and it doesn't mean that the Russian government should trust it, etc.

"Measured" has a specific meaning. If you trust a file based on its
source rather than some property of the file itself, you're not
measuring it.

--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>