On Fri, Nov 02, 2012 at 10:54:50AM -0600, Chris Friesen wrote: > On 11/02/2012 09:48 AM, Vivek Goyal wrote: > >On Thu, Nov 01, 2012 at 03:02:25PM -0600, Chris Friesen wrote: > > >>With secure boot enabled, then the kernel should refuse to let an > >>unsigned kexec load new images, and kexec itself should refuse to > >>load unsigned images. > > > >Yep, good in theory. Now that basically means reimplementing kexec-tools > >in kernel. > > Maybe I'm missing something, but couldn't the vendors provide a > signed kexec? Why does extra stuff need to be pushed into the > kernel? Bingo. Join us in following mail thread for all the gory details and extra work required to make signing of user space processes work. https://lkml.org/lkml/2012/10/24/451 In a nut-shell, there is no infrastructure currently for signing user space processes and verifying it (like module signing). Then if you just sign select user processes and not whole of the user space, then it brings extra complications with linking shared objects and being able to modify the code of process etc. So yes, being able to sign /sbin/kexec will be great. Looks like that itself will require lot of work and is not that straight forward. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html