On Mon, Jun 08, 2020 at 06:26:36PM -0700, Alexei Starovoitov wrote: > On Mon, Jun 08, 2020 at 11:35:12AM -0700, Kees Cook wrote: > > On Mon, Jun 08, 2020 at 09:20:27AM -0700, Alexei Starovoitov wrote: > > > Take android for example. It can certify vmlinux, but not boot fs image. > > > > Huh? Yes it does, and for a while now. It uses Android uses dm-verity[1] > > and fs-verity[2]. > > I didn't mean 'certified' like untrusted or insecure. > I meant the vendor kernel has to satisfy and pass SDK checks to be > certified as an android phone whereas vendor can put more or less whatever > they like on the fs. Their own bloatware, etc. > So for android to make sure something is part of the whole sw package > it has to come from the kernel and its modules. > Well, at least that's what I've been told. > Similarly kernel upgrade doesn't necessary include boot image upgrade. > In that sense 'elf in vmlinux' addresses packaging issue. Well, it's much more complex than that, but I see what you mean: it's an ELF tied to a specific kernel, like modules are. But Android's control over modules cover such an ELF as well, if it were separate from the kernel. Regardless, we're off in the weeds. :) -- Kees Cook
