On 06/16/2009 02:49 PM, Daniel Drake wrote:
heh.. here we go :) It's part of an antitheft system. The users of the machine have root access by design, so they could trivially disable any security system that runs on the root filesystem. Thieves included. However, our initramfs is secure. It's signed with OLPC's master key. Our special BIOS will not boot an unsigned initramfs. So effectively, we can trust that the code we put in the initramfs cannot be modified/crippled/disabled. It's certainly a strange requirement and I figure from your responses there is no obvious "good" answer. I agree. I just thought I'd ask anyway.
This is a good case for the modules.d design of dracut. Write your own module that does whatever you want, and install that module only in cases where you generate the initrd for your XO. Your special module does not belong in dracut upstream.
Warren Togami wtogami@xxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe initramfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
