| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <037F493892196B458CD3E193E8EBAD4F01ED9FE3B1@pdsmsx502.ccr.corp.intel.com> Date: Wed, 30 Sep 2009 10:16:55 +0800 From: "Wang, Shane" <shane.wang@...el.com> To: Arjan van de Ven <arjan@...radead.org>, Pavel Machek <pavel@....cz> CC: "H. Peter Anvin" <hpa@...or.com>, "Rafael J. Wysocki" <rjw@...k.pl>, Linus Torvalds <torvalds@...ux-foundation.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>, Thomas Gleixner <tglx@...utronix.de>, "Cihula, Joseph" <joseph.cihula@...el.com> Subject: RE: [GIT PULL] x86/txt for v2.6.32 Arjan van de Ven wrote: > On Tue, 29 Sep 2009 19:13:18 +0200 > Pavel Machek <pavel@....cz> wrote: > >> Ok, and what prevents me from commenting out the MAC checking code? >> > > because the bios verified some code that verified the kernel which > includes the MAC checking code .. as part of returning from S3 ? Yes, S3 sleep/resume cause another cycle to build the measured environment. i.e. SINIT will verify tboot, tboot will verify kernel mem, kernel will verify userspace mem. If you comment out the MAC checking code in any party, the chain will lost and S3 resume will fail. Thanks. Shane -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists