Hi! > > What I'm afraid of is this turning into a "security" feature that ends up > > being circumvented in most scenarios where it's currently deployed - eg, > > module signatures are mostly worthless in the non-lockdown case because you > > can just grab the sig_enforce symbol address and then kexec a preamble that > > flips it back to N regardless of the kernel config. > > Whoa. Why doesn't lockdown prevent kexec? Put another away, why > isn't this a problem for people who are fearful that Linux could be > used as part of a Windows boot virus in a Secure UEFI context? > > If lockdown simply included a requirement for a signed kernel for > kexec --- and if kernel signing aren't available, to simply not alow > kexec, wouldn't that take care of this case? > > This wouldn't even be all that much of a burden for non-distro users > with lockdown enabled, since in my experience outside of enterprise > and data center use cases, kexec isn't used --- and in fact, very > often kexec doesn't even work outside of a very carefully selected and > bug-fixed set of device drivers. (It often doesn't work in non-distro > kernels because very few upstream developers really care about kexec.) I do have Motorola Droid 4 here (cellphone). It uses safestrap.. and than it turn kexec's a lot (so that you can select Android vs. Jolla vs. ... during boot). So yes, kexec shows even in unexpected places. And BTW.. the cellphone thingie is a situation where manufacturer works against it users. Motorola does _not_ want me to run my own kernels here. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature