On Wed, 2013-09-04 at 17:51 -0400, Matthew Garrett wrote: > On Wed, 2013-09-04 at 17:24 -0400, Vivek Goyal wrote: > > User space kexec-tools need to know whether to verify signature of kernel > > image being loaded. This patch exports two knobs to user space. One is > > for knowing if secureboot is enabled, this knob will be set to 1 if secure > > boot is enabled. Other knob is secure_module_enabled. This knob will be set > > to 1 if secure modules is one. > > How are you verifying that you're really looking at sysfs? Ok, thinking about it, fstatfs() does that. But how do you know you're looking at the right file? Say I have /sys/kernel/secureboot and it reads 1, and I also have /sys/kernel/kexec_loaded and it reads 0, and then I do mount --bind /sys/kernel/kexec_loaded /sys/kernel/secureboot, fstatfs() will tell you that you're reading sysfs but you'll think that secure boot is disabled. -- Matthew Garrett <matthew.garrett@xxxxxxxxxx> _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
