| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Apr 2013 09:40:38 +0200
From: Thomas Renninger <trenn@...e.de>
To: Tang Chen <tangchen@...fujitsu.com>
Cc: Yinghai Lu <yinghai@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...e.hu>, "H. Peter Anvin" <hpa@...or.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Tejun Heo <tj@...nel.org>, linux-kernel@...r.kernel.org,
Fenghua Yu <fenghua.yu@...el.com>
Subject: Early microcode signing in secure boot environment - Was: x86, microcode: Use common get_ramdisk_image()
Hello,
On Wednesday, April 10, 2013 01:34:33 PM Tang Chen wrote:
> On 04/05/2013 07:46 AM, Yinghai Lu wrote:
> > Use common get_ramdisk_image() to get ramdisk start phys address.
> >
> > We need this to get correct ramdisk adress for 64bit bzImage that
> > initrd can be loaded above 4G by kexec-tools.disk_size;
don't know whether this question came up when this feature got
submitted (if yes a pointer would be appreciated).
Is there a concept how signed microcode can get verified when applied early,
like it is done via firmware loader?
If not, early microcode loading is not really usable in secure boot
environment, right?
Thanks,
Thomas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists