lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 Sep 2023 15:43:27 +0800
From:   Dave Young <dyoung@...hat.com>
To:     Jan Hendrik Farr <kernel@...rr.cc>
Cc:     Philipp Rudo <prudo@...hat.com>, linux-kernel@...r.kernel.org,
        kexec@...ts.infradead.org, x86@...nel.org, tglx@...utronix.de,
        dhowells@...hat.com, vgoyal@...hat.com, keyrings@...r.kernel.org,
        akpm@...ux-foundation.org, Baoquan He <bhe@...hat.com>,
        bhelgaas@...gle.com, Luca Boccassi <bluca@...ian.org>,
        lennart@...ttering.net, "Liu, Pingfan" <piliu@...hat.com>,
        Ard Biesheuvel <ardb@...nel.org>
Subject: Re: [PATCH v2 0/2] x86/kexec: UKI Support

> > In the end the only benefit this series brings is to extend the
> > signature checking on the whole UKI except of just the kernel image.
> > Everything else can also be done in user space. Compared to the
> > problems described above this is a very small gain for me.
>
> Correct. That is the benefit of pulling the UKI apart in the
> kernel. However having to sign the kernel inside the UKI defeats
> the whole point.


Pingfan added the zboot load support in kexec-tools, I know that he is
trying to sign the zboot image and the inside kernel twice. So
probably there are some common areas which can be discussed.
Added Ard and Pingfan in cc.
http://lists.infradead.org/pipermail/kexec/2023-August/027674.html


Thanks
Dave

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ