On Wed, 31 Oct 2012, Alan Cox wrote: > > > > Prepare (as a root) a hand-crafted image, reboot, let the kernel resume > > > > from that artificial image. > > > > > > It's not signed. It won't reboot from that image. > > > > The kernel is signed. The kernel doesn't check the signature on the > > suspend image. > > Which doesn't matter. How are you going to create the tampered image in > the first place ? Editing the suspend partition/file directly when trusted kernel is booted. -- Jiri Kosina SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
