On 16/03/15 21:29, Kees Cook wrote: > I really think "trusted" is the right term here. It's about as > accurate as possible for what this flag means.
A subtlety that might make this clearer: there isn't really such a thing as "trusted" in isolation, only "trusted by..." a specific other party; and in this case, as far as I can see, the intended meaning is that lower layers (firmware and/or bootloader) have been configured to trust this particular kernel. It doesn't mean "user-space can trust me not to do bad things", because any kernel, malicious or otherwise, could indeed easily claim that; and if it is lying, what is user-space going to do about it anyway? Rather, it means "the firmware is trusting me not to do things it would consider bad". I assume the intention isn't that it will make privileged bits of userland be more careful to avoid breaking this trust assumption, because the point of this patchset seems to be to make it impossible (modulo bugs) for userland to do that. Is the intention instead that it will make privileged bits of userland more careful to avoid breaking the trust chain in ways that would "fail safe" by refusing to boot? -- Simon McVittie Collabora Ltd. <http://www.collabora.com/> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/