[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Matthew Garrett mjg59 at srcf.ucam.org
Fri Jun 22 05:48:59 UTC 2012


On Fri, Jun 22, 2012 at 10:23:03AM +0800, Cong Wang wrote:
> On 06/22/2012 04:45 AM, Matthew Garrett wrote:
> >Discussion:
> >
> >We need to talk about what the kernel needs to provide for UEFI secure
> >boot to be possible, since the alternative is miserable failure and
> >Linux no longer working on x86 unless people play with the firmware.
> >That's going to involve at the very least locking down module loading
> >and various kernel interfaces, but figuring out what else needs to be
> >covered is fairly important.
> >
> 
> Hi, Matthew,
> 
> I would like to see how this affects kexec reboot.

Kexec kernels are going to have to be signed in the same way that 
modules are, but I suspect there's also some subtleties in the handover 
protocol.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org


More information about the Ksummit-2012-discuss mailing list