[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Matthew Garrett mjg59 at srcf.ucam.org
Wed Jun 27 17:24:19 UTC 2012


On Wed, Jun 27, 2012 at 01:14:13PM -0400, Steven Rostedt wrote:
> On Sat, 2012-06-23 at 15:47 +0100, Matthew Garrett wrote:
> > We can't trust userspace verification. The kernel needs to verify it as 
> > well.
> > 
> 
> I'm curious, on a crash, will the verification take place just before it
> boots the new kernel? Or is there going to be verification a head of
> time, and we just trust that nothing can touch that memory?

If anything's able to write into kernel memory then I think we've 
already got fairly significant problems. The model I was envisaging 
would involve the kernel verifying the kdump kernel when userspace loads 
it.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org


More information about the Ksummit-2012-discuss mailing list