| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <D400L4YN4K7K.264IDL4O8374F@kernel.org> Date: Sat, 07 Sep 2024 14:27:20 +0300 From: "Jarkko Sakkinen" <jarkko@...nel.org> To: "Philipp Rudo" <prudo@...hat.com>, "Ard Biesheuvel" <ardb@...nel.org> Cc: "Pingfan Liu" <piliu@...hat.com>, "Jan Hendrik Farr" <kernel@...rr.cc>, "Lennart Poettering" <mzxreary@...inter.de>, "Eric Biederman" <ebiederm@...ssion.com>, "Baoquan He" <bhe@...hat.com>, "Dave Young" <dyoung@...hat.com>, "Mark Rutland" <mark.rutland@....com>, "Will Deacon" <will@...nel.org>, "Catalin Marinas" <catalin.marinas@....com>, <kexec@...ts.infradead.org>, <linux-efi@...r.kernel.org>, <linux-kernel@...r.kernel.org> Subject: Re: [RFCv2 0/9] UEFI emulator for kexec On Fri Sep 6, 2024 at 1:54 PM EEST, Philipp Rudo wrote: > Let me throw an other wild idea in the ring. Instead of implementing > a EFI runtime we could also include a eBPF version of the stub into the > images. kexec could then extract the eBPF program and let it run just > like any other eBPF program with all the pros (and cons) that come with > it. That won't be as generic as the EFI runtime, e.g. you couldn't > simply kexec any OS installer. On the other hand it would make it > easier to port UKIs et al. to non-EFI systems. What do you think? BPF would have some guarantees that are favorable such as programs always end, even faulty ones. It always has implicit "ExitBootServices". Just a remark. BR, Jarkko
Powered by blists - more mailing lists