[PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
From: dhowells@xxxxxxxxxx (David Howells)
Date: Mon, 10 Apr 2017 14:19:52 +0100
In-reply-to: <1491568577.4184.97.camel@linux.vnet.ibm.com>
References: <1491568577.4184.97.camel@linux.vnet.ibm.com> <1491551180.4184.50.camel@linux.vnet.ibm.com> <1491536950.4184.10.camel@linux.vnet.ibm.com> <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> <149142335441.5101.2294976563846442575.stgit@warthog.procyon.org.uk> <20170407030545.GA4296@dhcp-128-65.nay.redhat.com> <21572.1491548994@warthog.procyon.org.uk> <27362.1491556638@warthog.procyon.org.uk>

Mimi Zohar <zohar at linux.vnet.ibm.com> wrote:

> From an IMA perspective, either a file hash or signature are valid,
> but for this usage it must be a signature.

Not necessarily.  If IMA can guarantee that a module is the same based on its
hash rather than on a key, I would've thought that should be fine.

David

Follow-Ups:
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
  - From: Mimi Zohar

References:
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
  - From: Mimi Zohar
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
  - From: Mimi Zohar
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
  - From: Mimi Zohar
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
  - From: David Howells
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
  - From: Dave Young
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
  - From: David Howells
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
  - From: David Howells

Prev by Date: No man page for kdump (yet?)
Next by Date: No man page for kdump (yet?)
Previous by thread: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Next by thread: [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Index(es):
- Date
- Thread

[Index of Archives] [LM Sensors] [Linux Sound] [ALSA Users] [ALSA Devel] [Linux Audio Users] [Linux Media] [Kernel] [Gimp] [Yosemite News] [Linux Media]