Vivek Goyal <vgoyal at redhat.com> writes:

> On Tue, Oct 23, 2012 at 11:04:29AM +0900, Simon Horman wrote:
>> On Mon, Oct 22, 2012 at 04:43:39PM -0400, Vivek Goyal wrote:
>> > On Fri, Oct 19, 2012 at 10:31:12AM -0400, Vivek Goyal wrote:
>> >
>> > [..]
>> > > - What happens to purgatory code. It is unsigned piece of code which
>> > > runs in kernel?
>> >
>> > Thinking more about it, another not so clean proposal.
>>
>> I have always assumed that purgatory can't be removed
>> as doing so would break backwards compatibility.
>
> Hi Simon,
>
> I think this will be a new parallel path and this new path should be taken
> only on kernel booted with secure boot enabled. (Either automatically or
> by using some kexec command line option). So nothing should be broken
> because we never supported anything on secure boot enabled system.

Rubbish. Kexec works just fine today on a secure boot enabled system.
Ignoring the nonsense that there is no such thing as a secure boot
enabled linux system.

Whatever we implement must work on all linux systems. If we implement
an extension we also must write the code in /sbin/kexec so that it works
on older systems that do not implement that extension.

Eric