[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALu+AoTAUWWtx8yChQMKF9J5X_Qd8+x0hz0jzVwoOvAvh5VmHA@mail.gmail.com>
Date: Wed, 20 Sep 2023 15:43:27 +0800
From: Dave Young <dyoung@...hat.com>
To: Jan Hendrik Farr <kernel@...rr.cc>
Cc: Philipp Rudo <prudo@...hat.com>, linux-kernel@...r.kernel.org,
kexec@...ts.infradead.org, x86@...nel.org, tglx@...utronix.de,
dhowells@...hat.com, vgoyal@...hat.com, keyrings@...r.kernel.org,
akpm@...ux-foundation.org, Baoquan He <bhe@...hat.com>,
bhelgaas@...gle.com, Luca Boccassi <bluca@...ian.org>,
lennart@...ttering.net, "Liu, Pingfan" <piliu@...hat.com>,
Ard Biesheuvel <ardb@...nel.org>
Subject: Re: [PATCH v2 0/2] x86/kexec: UKI Support
> > In the end the only benefit this series brings is to extend the
> > signature checking on the whole UKI except of just the kernel image.
> > Everything else can also be done in user space. Compared to the
> > problems described above this is a very small gain for me.
>
> Correct. That is the benefit of pulling the UKI apart in the
> kernel. However having to sign the kernel inside the UKI defeats
> the whole point.
Pingfan added the zboot load support in kexec-tools, I know that he is
trying to sign the zboot image and the inside kernel twice. So
probably there are some common areas which can be discussed.
Added Ard and Pingfan in cc.
http://lists.infradead.org/pipermail/kexec/2023-August/027674.html
Thanks
Dave
Powered by blists - more mailing lists