| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+ex1uD4tQ+6V2k3YOA=bufEmHWL24tLVB+Q+oBtTGO-g-W4YQ@mail.gmail.com>
Date: Wed, 4 Sep 2019 03:54:46 -0700
From: Hunter Nins <hunternins@...il.com>
To: linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org
Subject: Question: kexec() ISO images using encrypted partitions and/or
"persistent RAM".
Good day,
I'm currently experimenting with the use of kexec() to change the
currently-running kernel on my test machine (Intel PC). So far, so
good: I'm able to change the currently-running kernel and initrd image
via kexec, and am now attempting to live-boot an ISO image (i.e.
Ubuntu 18.04 Server amd64 image), via the following snippet (not yet
working):
mount -o loop -t iso9660 /public/ubuntu.iso /boot
ISO_FILE="/public/ubuntu.iso"
DEVICE="/dev/sda3"
UUID=$(blkid ${DEVICE} | tail -1 | tr " " "\n" | grep UUID | cut -d\" -f2)
APPEND="toram fromiso=/dev/disk/by-uuid/${UUID}/${ISO_FILE}
iso-scan/filename=/${ISO_PATH}"
kexec -l /boot/casper/vmlinuz --initrd=/boot/casper/initrd
--append="${APPEND}"
Question: is it possible to kexec() into an ISO that's stored on my
sole (LUKS encrypted) OS partition on the device, or from a RAM disk?
I've looked into using PRAM, for example
(https://lwn.net/Articles/561330/) to store the ISO in a persistent
RAM disk, but the feature appears to be a non-standard, beta feature
at best. My alternative is to attempt to kexec + ISO boot from an
encrypted partition (i.e. "/dev/mapper/ubuntu--vg-root"), which I'm
not sure is possible/supported, as I'm not permitted to have
non-encrypted partitions or USB thumb drives on the server I'm
currently testing this on.
Thank you.
Powered by blists - more mailing lists