On Wed, Oct 31, 2012 at 05:21:21PM +0000, Alan Cox wrote: > On Wed, 31 Oct 2012 17:10:48 +0000 > Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > > The kernel is signed. The kernel doesn't check the signature on the > > suspend image. > > Which doesn't matter. How are you going to create the tampered image in > the first place ? By booting a signed kernel, not turning on swap and writing directly to the swap partition. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
