| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Jun 2015 09:25:36 +0800 From: Dave Young <dyoung@...hat.com> To: "Theodore Ts'o" <tytso@....edu>, Josh Boyer <jwboyer@...oraproject.org>, Eric Biederman <ebiederm@...ssion.com>, David Howells <dhowells@...hat.com>, kexec <kexec@...ts.infradead.org>, "Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org> Subject: Re: kexec_load(2) bypasses signature verification On 06/15/15 at 04:01pm, Theodore Ts'o wrote: > On Mon, Jun 15, 2015 at 09:37:05AM -0400, Josh Boyer wrote: > > The bits that actually read Secure Boot state out of the UEFI > > variables, and apply protections to the machine to avoid compromise > > under the SB threat model. Things like disabling the old kexec... > > I don't have any real interest in using Secure Boot, but I *am* > interested in using CONFIG_KEXEC_VERIFY_SIG[1]. So perhaps we need to > have something similar to what we have with signed modules in terms of > CONFIG_MODULE_SIG_FORCE and module/sig_enforce, but for > KEXEC_VERIFY_SIG. This would mean creating a separate flag > independent of the one Linus suggested for Secure Boot, but since we > have one for signed modules, we do have precedent for this sort of > thing. Agree and vote for this way as I replied in another email about CONFIG_KEXEC_VERIFY_SIG_FORCE. Thanks Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists