Re: [RFC] Second attempt at kernel secure boot support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/31/2012 01:03 PM, Alan Cox wrote:

On Wed, 31 Oct 2012 16:55:04 +0100 (CET)
Jiri Kosina <jkosina@xxxxxxx> wrote:


On Wed, 31 Oct 2012, Alan Cox wrote:


All this depends on your threat model. If I have physical access to
suspend/resume your machine then you already lost. If I don't have
physical access then I can't boot my unsigned OS to patch your S4 image
so it doesn't matter.

Prepare (as a root) a hand-crafted image, reboot, let the kernel resume
from that artificial image.

It's not signed. It won't reboot from that image.


So then to hibernate the kernel must have a signing key?


Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux