Attacking the kernel via its command line

Those aren't clear facts, they're a distortion of reality. You're making claims and refusing to justify them.

> the developers who have actually done the work to implement secure boot on Linux believe that the system software must remain in control at all times

So all you have is an argument from authority and the implication that I am not a developer that has worked on verified boot, which is completely false. Distributions like Fedora don't currently have a meaningful secure / verified boot implementation. Unlike others, they haven't done the work to ship the feature.

The developers that have actually done the work to implement meaningful secure boot on Linux (i.e. Google and others) don't use this cargo cult definition of it.

> command-line and module parameters that could be used to defeat that control must be disabled

They still can be with every single one of these bugs fixed.

> Given that mindset, this bug must be seen as a security bug.

The logic doesn't follow. It's only a security bug if a meaningful security feature / security boundary is bypassed. In order for that to matter, there would need to be a more complete verified boot implementation and the kernel line would need to be untrusted. The Linux kernel considers it ultimately trusted. There is no code anywhere to change that. The referenced changes about module parameters, etc. do not change that.

> You don't have to believe that mindset. I don't run locked-down kernels on my systems. But developers whose opinion matters do believe that. I cannot grasp the concept that reporting on this is to "leave out entire aspects of the story". This is a story about a command-line parsing bug...

Okay, just an argument from authority then, and no willingness to actually address the issues pointed out with this reasoning.

You might not be able to grasp it, but the article misrepresents my position and reasoning about the issue via omission. It presents it as if I'm arguing against secure / verified boot, and in fact that's the opposite of what's happening. Luckily I can comment here to correct the record about what I said.

I'm arguing for using critical thinking about whether there's a security impact and the response to that only seems to be making an argument from authority / tradition and pushing a definition of 'secure boot' with the scope narrowed to exactly the current state of the implementation in Fedora / RHEL rather than the reality which is that the feature has a whole scale of possible implementations and the one that's present there is not yet a valuable security feature.

I'm happy to listen to an explanation of some setup where this could actually have a security impact. I've yet to see that. No attempt was made to present a scenario where it matters. I don't think there is one. I can certainly imagine a theoretical scenario involving code and a distribution that doesn't currently exist... but it requires truly treating the kernel line as untrusted and verifying at least a portion of userspace. If that was truly implemented, this would be a vulnerability in the system doing that. It still wouldn't be a vulnerability in the mainline Linux kernel itself since that would be a bunch of out-of-tree code...

1) nothing
2) firmware
3) firmware / bootloaders
4) firmware / bootloaders / kernel

This is where the distributions being talked about are. I don't think it provides any substantial security properties. Maybe I'm missing something, and if so I'd like to know what...

5) firmware / bootloaders / kernel / base OS

This is where it starts becoming useful. At the very least, it's possible to get guarantees like an Android factory reset being guaranteed to wipe away any malware unless verified boot is exploited. That's the primary guaranteed offered by non-hardened Android: all of the fanciness of the hardware root of trust, the late stage bootloader verifying the kernel and the kernel verifying the entire base OS pretty much just adds up to hardened factory resets when done via booting directly into recovery rather than doing it from the OS.

6) firmware / bootloaders / kernel / base OS / privileged code

Now an attacker needs to exploit the OS after a reboot to get back privileged code execution. Can consider this to be granular, since they may be able to persist code with some privileges but not others. At the very least it needs to protect enough code to provide some kind of useful security model despite an attacker controlling all of the unverified state.

7) firmware / bootloaders / kernel / base OS / privileged code / data trusted by privileged code

This is iOS, ChromeOS and where Android strives to be, but Android places a lot more trust in persistent state than iOS and ChromeOS. So you could consider Android to be here, but an attacker has so much control via /data/dalvik-cache, etc. They control system_server and privileged apps. That's one of the things CopperheadOS currently fixes to make verified boot stronger, but there's a lot more that can be done.

8) firmware / bootloaders / kernel / base OS / privileged code / data trusted by privileged code / all code

iOS is close to being here, but they only do cursory review of the third party code they're signing. It's not same thing as a system where only code from a trusted party is signed.

9) firmware / bootloaders / kernel / base OS / privileged code / data trusted by privileged code / all code / all data trusted by code

This would be ChromeOS if it didn't have extensions, apps and Android app support.

10) everything (no persistent state)

The ideal is of course not having any persistent state. Everything verified, no way for an attacker to maintain a presence without exploiting the verified boot implementation.