Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot

From: Linus Torvalds
Date: Wed Aug 15 2018 - 17:14:42 EST

Next message: Julius Werner: "Re: [PATCH v4 0/6] firmware: coreboot: Fix probe and simplify code"
Previous message: James Bottomley: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
In reply to: James Bottomley: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Next in thread: Dave Young: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 15, 2018 at 2:08 PM Yannik Sembritzki <yannik@xxxxxxxxxxxxx> wrote:
>
> IMO, this is not okay. The layer of trust should extend from the bottom
> (user-provisioned platform key) up. Only trusting the kernel builtin key
> later on (wrt. kernel modules) contradicts this principal.

This module loading case is not about trusting the *key*.

This is about trusting the *build system*.

For example, I build my kernels with one single randomly generated key
(that gets deleted afterwards). The modules get built with that key
too.

No amount of added keys later will make a module valid to load.

Linus

Next message: Julius Werner: "Re: [PATCH v4 0/6] firmware: coreboot: Fix probe and simplify code"
Previous message: James Bottomley: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
In reply to: James Bottomley: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Next in thread: Dave Young: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]