[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
Konrad Rzeszutek Wilk
konrad at darnok.org
Fri Jun 22 11:29:31 UTC 2012
On Jun 22, 2012 1:49 AM, "Matthew Garrett" <mjg59 at srcf.ucam.org> wrote:
>
> On Fri, Jun 22, 2012 at 10:23:03AM +0800, Cong Wang wrote:
> > On 06/22/2012 04:45 AM, Matthew Garrett wrote:
> > >Discussion:
> > >
> > >We need to talk about what the kernel needs to provide for UEFI secure
> > >boot to be possible, since the alternative is miserable failure and
> > >Linux no longer working on x86 unless people play with the firmware.
> > >That's going to involve at the very least locking down module loading
> > >and various kernel interfaces, but figuring out what else needs to be
> > >covered is fairly important.
> > >
> >
> > Hi, Matthew,
> >
> > I would like to see how this affects kexec reboot.
>
> Kexec kernels are going to have to be signed in the same way that
> modules are, but I suspect there's also some subtleties in the handover
> protocol.
I am curious about how this is going to work with tboot as well. Preferably
with Linux and kexec involved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux-foundation.org/pipermail/ksummit-2012-discuss/attachments/20120622/22e4726d/attachment.html>
More information about the Ksummit-2012-discuss
mailing list