On Thu, 2013-02-28 at 15:08 -0500, Vivek Goyal wrote: > - New hook is required so that we can call it after locking down the > executable in memory. Even if we have a separate method/hook for > bzImage verification, it does not take away the need for verifying > /sbin/kexec excutable signature. Because apart from bzImage, that > process loads lot more information like purgatory, bootparams and > there is no way to verify signatures of those. So by verifying > /sbin/kexec it is assumed that purgaotry and bootparams can be > trusted because it is coming from a signed process.
Ok, this is what I was missing. thanks, Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
