| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111107205859.GA28681@srcf.ucam.org> Date: Mon, 7 Nov 2011 20:58:59 +0000 From: Matthew Garrett <mjg59@...f.ucam.org> To: "H. Peter Anvin" <hpa@...or.com> Cc: Matt Fleming <matt@...sole-pimps.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu>, Zhang Rui <rui.zhang@...el.com>, Huang Ying <huang.ying.caritas@...il.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3] x86, efi: Calling __pa() with an ioremap'd address is invalid On Mon, Nov 07, 2011 at 12:57:40PM -0800, H. Peter Anvin wrote: > On 11/07/2011 12:48 PM, Matthew Garrett wrote: > > > > If the kernel is able to call boot services then the kernel needs to be > > signed. If it's all handled by the bootloader then the bootloader can be > > signed and the kernel doesn't have to be. Depends which one people > > update more, I guess. > > > > ... and what security attributes they are looking for. Yup. > However, "EFI stub in the kernel" doesn't mean "can't use an external > bootloader." Agreed. It just means that we're still plausibly going to need some handshaking between them. Alternatively, as long as the bootloader passes us the memory map, we can just ignore any E820 map it gives us anyway. -- Matthew Garrett | mjg59@...f.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists