On Fri, 7 Feb 2020 at 18:45, Arvind Sankar <nivedita@xxxxxxxxxxxx> wrote: > > On Thu, Feb 06, 2020 at 02:03:50PM +0000, Ard Biesheuvel wrote: > > data structure. It also creates a time window where the initrd data sits > > in memory, and can potentially be corrupted before the kernel is booted. > > > > I don't quite understand the time window aspect -- can you expand on > that? It seems like the same time window exists between when the kernel > is loaded and when it actually runs, no? Why is this more important for > initrd? When using loadimage+startimage, the authentication and measurement of the kernel image occur during the call to loadimage(), even if the source of the load is memory itself, and startimage() is typically called right after. The assumption is that it may help to make this time as short as possible for the initrd as well.
