On Mon, Jun 08, 2020 at 11:35:12AM -0700, Kees Cook wrote: > On Mon, Jun 08, 2020 at 09:20:27AM -0700, Alexei Starovoitov wrote: > > Take android for example. It can certify vmlinux, but not boot fs image. > > Huh? Yes it does, and for a while now. It uses Android uses dm-verity[1] > and fs-verity[2]. I didn't mean 'certified' like untrusted or insecure. I meant the vendor kernel has to satisfy and pass SDK checks to be certified as an android phone whereas vendor can put more or less whatever they like on the fs. Their own bloatware, etc. So for android to make sure something is part of the whole sw package it has to come from the kernel and its modules. Well, at least that's what I've been told. Similarly kernel upgrade doesn't necessary include boot image upgrade. In that sense 'elf in vmlinux' addresses packaging issue.
