On Fri, Oct 11, 2013 at 01:44:19PM -0700, Eric W. Biederman wrote: > Matthew Garrett <mjg59 at srcf.ucam.org> writes: > > No, I manually look up some addresses from /proc/kallsyms and then > > modify them in the second kernel. > > An interesting approach I think most of the rest of us would have just > built a module, or rebuilt our kernels. Well yeah, but my kernel refuses to load unsigned modules, so. > Now if this is a backwards argument to remove that silly code path it > totally fails because now we know the code has not bit-rotted and > that there are active users. No, it's not any argument of the kind. > If you are still pushing the signed-boot agenda I eagerly await your > patches to make all of this work in a sensible way with signed binaries. Vivek's working on a separate kexec system call for that, as we agreed with Linus at LPC. -- Matthew Garrett | mjg59 at srcf.ucam.org