On Wed, Sep 04, 2013 at 09:54:25PM +0000, Matthew Garrett wrote: > On Wed, 2013-09-04 at 17:24 -0400, Vivek Goyal wrote: > > Currently kexec does not enables EFI and its tables in second kernel. Hence > > acpi rsdp root pointer is passed on command line. But secureboot does not trust > > acpi_rsdp on command line as kernel can execute some of the code as retrieved > > by following acpi_rsdp and root can modify command line. So in secureboot > > mode we ignore acpi_rsdp on command line. > > How does kexec know it's getting a trustworthy version of the acpi_rsdp > pointer? We get acpi_rsdp from /sys/firmware/efi/systab and assumption here is that kexec is looking at right /proc/ and /sys to get that info. Thanks Vivek _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
