lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20111107204839.GA28261@srcf.ucam.org>
Date:	Mon, 7 Nov 2011 20:48:39 +0000
From:	Matthew Garrett <mjg59@...f.ucam.org>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Matt Fleming <matt@...sole-pimps.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...e.hu>, Zhang Rui <rui.zhang@...el.com>,
	Huang Ying <huang.ying.caritas@...il.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] x86, efi: Calling __pa() with an ioremap'd address
 is invalid

On Mon, Nov 07, 2011 at 12:45:31PM -0800, H. Peter Anvin wrote:
> On 11/07/2011 12:37 PM, Matthew Garrett wrote:
> > On Mon, Nov 07, 2011 at 12:36:13PM -0800, H. Peter Anvin wrote:
> > 
> >> Yes, I think it makes a lot of sense.  If we need to introduce new
> >> meta-types to deal with the fact that there are EFI types that don't map
> >> to E820, then so be it... and this is *exactly* why we want the EFI
> >> setup stub to be part of the kernel image and not off in a separate
> >> bootloader, requiring a stable interface...
> > 
> > I don't disagree, it's just going to be an absolute pain to manage that 
> > in a secure boot world.
> 
> Could you clarify, please?

If the kernel is able to call boot services then the kernel needs to be 
signed. If it's all handled by the bootloader then the bootloader can be 
signed and the kernel doesn't have to be. Depends which one people 
update more, I guess.

-- 
Matthew Garrett | mjg59@...f.ucam.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ