On Wed, 31 Oct 2012 17:10:48 +0000 Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > On Wed, Oct 31, 2012 at 05:03:34PM +0000, Alan Cox wrote: > > On Wed, 31 Oct 2012 16:55:04 +0100 (CET) > > Jiri Kosina <jkosina@xxxxxxx> wrote: > > > Prepare (as a root) a hand-crafted image, reboot, let the kernel resume > > > from that artificial image. > > > > It's not signed. It won't reboot from that image. > > The kernel is signed. The kernel doesn't check the signature on the > suspend image. Which doesn't matter. How are you going to create the tampered image in the first place ? -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
