| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1070be1f-1edf-a2cb-22d7-e39ee334b13e@sembritzki.me>
Date: Thu, 16 Aug 2018 00:14:51 +0200
From: Yannik Sembritzki <yannik@...britzki.me>
To: Vivek Goyal <vgoyal@...hat.com>
Cc: James Bottomley <James.Bottomley@...senPartnership.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
David Howells <dhowells@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Peter Anvin <hpa@...or.com>,
the arch/x86 maintainers <x86@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Dave Young <dyoung@...hat.com>, Baoquan He <bhe@...hat.com>,
Justin Forbes <jforbes@...hat.com>,
Peter Jones <pjones@...hat.com>,
Matthew Garrett <mjg59@...gle.com>
Subject: Re: [PATCH] Fix kexec forbidding kernels signed with custom platform
keys to boot
On 15.08.2018 23:57, Vivek Goyal wrote:
> Aha.., so that's your real problem. You are trying to load VirtualBox
> module and that will not load even if you take ownership of platform
> by adding your key and sign module with that key.
>
> So this patch still will not fix the problem you are facing. It is still
> good to fix the case of kexec/kdump broken on Fedora on secureboot
> machines.
No, I wrote this patch specifically because because of the kexec issue
and would like to seem them merged to fix exactly that :-)
I only replied to the module signing discussion as there were some
ongoing arguments with regard to that. IMO this is resolved with the
patches by Mehmet Kayaalp mentioned by James anyway.
Thanks
Yannik
Powered by blists - more mailing lists