On Wed, 31 Oct 2012 17:17:43 +0000 Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > On Wed, Oct 31, 2012 at 05:21:21PM +0000, Alan Cox wrote: > > On Wed, 31 Oct 2012 17:10:48 +0000 > > Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > > > The kernel is signed. The kernel doesn't check the signature on the > > > suspend image. > > > > Which doesn't matter. How are you going to create the tampered image in > > the first place ? > > By booting a signed kernel, not turning on swap and writing directly to > the swap partition. Ok so the actual problem is that you are signing kernels that allow the user to skip the S4 resume check ? -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
