On 01/28/2013 08:47 AM, Matthew Garrett wrote:
These patches break functionality that people rely on without providing any functional equivalent, so I'm not suggesting that they be merged as-is. kexec allows trivial circumvention of the trust model (it's trivially equivalent to permitting module loading, for instance) and hibernation allows similar attacks (disable swap, write a pre-formed resume image to swap, reboot). The hibernation patch also shows up a different issue - some userspace drops all capabilities, resulting in things that userspace expects to work no longer working. This seems like an unsurprising result, but breaking userspace is bad and so it'd be nice to figure out if there's another way to handle this.
These at the very least need some kind of CONFIG_WEAK_SECURE_BOOT option or something like that.
-hpa -- H. Peter Anvin, Intel Open Source Technology Center I work for Intel. I don't speak on their behalf. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html