On Fri, Feb 07, 2020 at 07:47:46PM +0000, Ard Biesheuvel wrote:
> On Fri, 7 Feb 2020 at 18:45, Arvind Sankar <nivedita@xxxxxxxxxxxx> wrote:
> >
> > On Thu, Feb 06, 2020 at 02:03:50PM +0000, Ard Biesheuvel wrote:
> > > data structure. It also creates a time window where the initrd data sits
> > > in memory, and can potentially be corrupted before the kernel is booted.
> > >
> >
> > I don't quite understand the time window aspect -- can you expand on
> > that? It seems like the same time window exists between when the kernel
> > is loaded and when it actually runs, no? Why is this more important for
> > initrd?
>
> When using loadimage+startimage, the authentication and measurement of
> the kernel image occur during the call to loadimage(), even if the
> source of the load is memory itself, and startimage() is typically
> called right after.
>
> The assumption is that it may help to make this time as short as
> possible for the initrd as well.

Ok, this is for when we can use LoadImage, that makes sense.