Re: [RFC] Second attempt at kernel secure boot support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Jiri Kosina <jkosina@xxxxxxx>
Subject: Re: [RFC] Second attempt at kernel secure boot support
From: Chris Friesen <chris.friesen@xxxxxxxxxxx>
Date: Mon, 05 Nov 2012 09:37:18 -0600
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>, Vivek Goyal <vgoyal@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Eric Paris <eparis@xxxxxxxxxxxxxx>, James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, Oliver Neukum <oneukum@xxxxxxx>, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>, Matthew Garrett <mjg59@xxxxxxxxxxxxx>, Josh Boyer <jwboyer@xxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx
In-reply-to: <alpine.LNX.2.00.1211051628380.24253@pobox.suse.cz>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111108 Fedora/3.1.16-1.fc14 Lightning/1.0b3pre Thunderbird/3.1.16

On 11/05/2012 09:31 AM, Jiri Kosina wrote:

I had a naive idea of just putting in-kernel verification of a complete
ELF binary passed to kernel by userspace, and if the signature matches,
jumping to it.
Would work for elf-x86_64 nicely I guess, but we'd lose a lot of other
functionality currently being provided by kexec-tools.

Bah. This is a real pandora's box.


Would it be so bad to statically link kexec?

Chris
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Vivek Goyal

References:
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Chris Friesen
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Oliver Neukum
- Re: [RFC] Second attempt at kernel secure boot support
  - From: James Bottomley
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Jiri Kosina
- Re: [RFC] Second attempt at kernel secure boot support
  - From: James Bottomley
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Jiri Kosina
- Re: [RFC] Second attempt at kernel secure boot support
  - From: James Bottomley
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Eric Paris
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Pavel Machek
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Chris Friesen
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Vivek Goyal
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Jiri Kosina
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Eric W. Biederman
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Jiri Kosina
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Jiri Kosina

Prev by Date: Re: [RFC] Second attempt at kernel secure boot support
Next by Date: Re: [RFC] Second attempt at kernel secure boot support
Previous by thread: Re: [RFC] Second attempt at kernel secure boot support
Next by thread: Re: [RFC] Second attempt at kernel secure boot support
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]