Matthew Garrett: Trusted kernel patchset

May 12, 2014

Participants: Josh Boyer and Andy Lutomirski.

People tagged: Gary Lin, James Bottomley, James Morris, Joey Li, Kees Cook, and Vojtech Pavlik.

Matthew Garrett notes that many end-users want trusted-kernel functionality for use cases having nothing to do with UEFI Secure Boot, and major distributions now ship the patches. Distinguishing between root and kernel security is necessary for securing a boot chain. Nevertheless, people seem to be advocating rewriting these patches despite rough consensus being achieved at last year's LPC, though few people seem to be volunteering to help with the rewriting, and with no indication from the security community that the directions being advocated make sense. Although it would be nice to have this resolved by August, experience indicates that this is unlikely, so perhaps we need to discuss this in person. Again.

Josh Boyer seconded the topic and suggested a number of other attendees. Andy Lutomirski also expressed interest, both from the viewpoint of what trusted boot should do and from the viewpoint of how capabilities work (or should work). Andy noted great and vocal opposition to any change in the way capabilities work, so he believes that it would be helpful if the people who believe that capabilities can change came to agreement on what changes should be undertaken.