[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
mjg59 at srcf.ucam.org
Wed Jun 27 17:24:19 UTC 2012
On Wed, Jun 27, 2012 at 01:14:13PM -0400, Steven Rostedt wrote:
> On Sat, 2012-06-23 at 15:47 +0100, Matthew Garrett wrote:
> > We can't trust userspace verification. The kernel needs to verify it as
> > well.
> I'm curious, on a crash, will the verification take place just before it
> boots the new kernel? Or is there going to be verification a head of
> time, and we just trust that nothing can touch that memory?
If anything's able to write into kernel memory then I think we've
already got fairly significant problems. The model I was envisaging
would involve the kernel verifying the kdump kernel when userspace loads
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the Ksummit-2012-discuss