lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Nov 2013 10:33:50 -0500 From: Vivek Goyal <vgoyal@...hat.com> To: Jiri Kosina <jkosina@...e.cz> Cc: Geert Uytterhoeven <geert@...ux-m68k.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, kexec@...ts.infradead.org, "H. Peter Anvin" <hpa@...or.com>, Matthew Garrett <mjg59@...f.ucam.org>, Greg Kroah-Hartman <greg@...ah.com>, Kees Cook <keescook@...omium.org> Subject: Re: [PATCH 0/6] kexec: A new system call to allow in kernel loading On Fri, Nov 22, 2013 at 02:50:43PM +0100, Jiri Kosina wrote: > On Fri, 22 Nov 2013, Vivek Goyal wrote: > > > > OTOH, does this feature make any sense whatsover on architectures that > > > don't support secure boot anyway? > > > > I guess if signed modules makes sense, then being able to kexec signed > > kernel images should make sense too, in general. > > Well, that's really a grey zone, I'd say. > > In a non-secureboot environment, if you are root, you are able to issue > reboot into a completely different, self-made kernel anyway, independent > on whether signed modules are used or not. That's a good poing. Frankly speaking I don't know if there is a good use case to allow loading signed kernels only or not. Kees mentioned that he would like to know where the kernel came from and whether it came from trusted disk or not. So he does seem to have a use case where he wants to launch only trusted kernel or deny execution. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists