[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
mjg59 at srcf.ucam.org
Sat Jun 23 14:47:53 UTC 2012
On Sat, Jun 23, 2012 at 05:15:19PM +0800, Cong Wang wrote:
> On Fri, Jun 22, 2012 at 1:48 PM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> > Kexec kernels are going to have to be signed in the same way that
> > modules are, but I suspect there's also some subtleties in the handover
> > protocol.
> At least /sbin/kexec needs to be patched to verify the sign key?
We can't trust userspace verification. The kernel needs to verify it as
Matthew Garrett | mjg59 at srcf.ucam.org