* Chris Murphy:
On Mon, Jun 27, 2022 at 1:56 AM Florian Weimer
<fweimer(a)redhat.com> wrote:
>
> * Neal Gompa:
>
> > I treat Secure Boot purely as a compatibility interface. We need to do
> > just enough to get through the secure boot environment.
>
> Right. It's not even clear to me why we enforce kernel module
> signatures in Secure Boot mode, and disable a few other kernel features.
If users can load arbitrary unsigned kernel modules or hibernation
images, it silently circumvents UEFI Secure Boot. I agree this is a
frustrating paradigm for users who want certain features like using
3rd party modules with a Fedora kernel, or using locked down kernel
features, but I'm not sure what the alternative is.
Do we revoke signatures on Fedora kernels with ring 0 escalations?
I don't think so. Other distributions share the same trust root and
do not revoke kernel signatures, either. Doesn't this mean there is
an existing bypass already, by booting through a vulnerable kernel,
exploiting it, and then chain-loading another kernel with secure boot
effectively disabled (but perhaps lying to userspace about the status)?
Thanks,
Florian