| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Jun 2014 13:58:11 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Vivek Goyal <vgoyal@...hat.com> Cc: linux-kernel@...r.kernel.org, kexec@...ts.infradead.org, ebiederm@...ssion.com, hpa@...or.com, mjg59@...f.ucam.org, greg@...ah.com, bp@...en8.de, dyoung@...hat.com, chaowang@...hat.com, bhe@...hat.com Subject: Re: [PATCH 00/15][V4] kexec: A new system call to allow in kernel loading On Thu, 26 Jun 2014 16:33:29 -0400 Vivek Goyal <vgoyal@...hat.com> wrote: > This patch series does not do kernel signature verification yet. I plan > to post another patch series for that. Now distributions are already signing > PE/COFF bzImage with PKCS7 signature I plan to parse and verify those > signatures. > > Primary goal of this patchset is to prepare groundwork so that kernel > image can be signed and signatures be verified during kexec load. This > should help with two things. > > - It should allow kexec/kdump on secureboot enabled machines. > > - In general it can help even without secureboot. By being able to verify > kernel image signature in kexec, it should help with avoiding module > signing restrictions. Matthew Garret showed how to boot into a custom > kernel, modify first kernel's memory and then jump back to old kernel and > bypass any policy one wants to. > > I hope these patches can be queued up for 3.17. Even without signature > verification support, they provide new syscall functionality. But I > wil leave it to maintainers to decide if they want signature verification > support also be ready to merge before they merge this patchset. Well, this is an absolute ton of new code, much of it pretty complex. And I believe the entire point of this work is to enable image signature checking, but that hasn't been implemented yet? In which case I'm thinking it would be unwise to merge these parts into mainline - if signature checking doesn't work or fails review or if you get hit by a bus then we'd be left with a large lump of rather useless code? In which case I'm inclined to put this series into -next and keep it there pending completion of the signature checking part. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists