Torvalds Expresses Concerns Over Current "Kernel Lockdown" Approach
The kernel lockdown feature further restricts what user-space can access or modify in the kernel, including different /dev points, ACPI restrictions, not allowing unsigned modules, and various other restrictions in the name of greater security. Pairing that unconditionally with UEFI SecureBoot is meeting some resistance from Linus Torvalds.
This thread is what has Linus Torvalds fired up today.
The goal of kernel lockdown, which Linus Torvalds doesn't have a problem with at all, comes down to "prevent both direct and indirect access to a running kernel image, attempting to protect against unauthorised modification of the kernel image and to prevent access to security and cryptographic data located in kernel memory, whilst still permitting driver modules to be loaded." What has the Linux kernel creator upset is developers trying to pair this unconditionally with UEFI SecureBoot.
Linus describes Secure Boot as being "pushed in your face by people with an agenda." But his real problem is that Secure Boot would then imply Kernel Lockdown mode. Here's the meat of his argument:
Look at it this way: maybe lockdown breaks some application because that app does something odd. I get a report of that happening, and it so happens that the reporter is running the same distro I am, so I try it with his exact kernel configuration, and it works for me.
It is *entirely* non-obvious that the reporter happened to run a distro kernel that had secure boot enabled, and I obviously do not.
See what the problem is? Tying these things magically together IS A BAD IDEA.
See that aforelinked thread if you want more drama, but his most recent message ends with, "This discussion is over until you give an actual honest-to-goodness reason for why you tied the two features together. No more 'Why not?' crap."