Re: kexec_load(2) bypasses signature verification

2015-06-25 Thread Dave Young
On 06/25/15 at 11:59am, Vivek Goyal wrote: > On Thu, Jun 25, 2015 at 04:48:18PM +0800, Dave Young wrote: > > On 06/19/15 at 09:09am, Vivek Goyal wrote: > > > On Fri, Jun 19, 2015 at 04:18:16PM +0800, Dave Young wrote: > > > > > > If we want to disable unsigned kernel loading at compile time, then

Re: kexec_load(2) bypasses signature verification

2015-06-25 Thread Vivek Goyal
On Thu, Jun 25, 2015 at 04:48:18PM +0800, Dave Young wrote: > On 06/19/15 at 09:09am, Vivek Goyal wrote: > > On Fri, Jun 19, 2015 at 04:18:16PM +0800, Dave Young wrote: > > > > > If we want to disable unsigned kernel loading at compile time, then we > > > > > really need to work on decoupling CONFI

Re: kexec_load(2) bypasses signature verification

2015-06-25 Thread Dave Young
On 06/19/15 at 09:09am, Vivek Goyal wrote: > On Fri, Jun 19, 2015 at 04:18:16PM +0800, Dave Young wrote: > > > > If we want to disable unsigned kernel loading at compile time, then we > > > > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC. > > > > Introducing another config op

Re: kexec_load(2) bypasses signature verification

2015-06-19 Thread Vivek Goyal
On Fri, Jun 19, 2015 at 03:04:31PM +0800, Dave Young wrote: > On 06/16/15 at 09:47pm, Vivek Goyal wrote: > > On Tue, Jun 16, 2015 at 08:32:37PM -0500, Eric W. Biederman wrote: > > > Vivek Goyal writes: > > > > > > > On Tue, Jun 16, 2015 at 02:38:31PM -0500, Eric W. Biederman wrote: > > > >> > >

Re: kexec_load(2) bypasses signature verification

2015-06-19 Thread Vivek Goyal
On Fri, Jun 19, 2015 at 04:18:16PM +0800, Dave Young wrote: > > > If we want to disable unsigned kernel loading at compile time, then we > > > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC. > > > Introducing another config option is not the way forward, IMHO. > > > > Yes, le

Re: kexec_load(2) bypasses signature verification

2015-06-19 Thread Dave Young
> > If we want to disable unsigned kernel loading at compile time, then we > > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC. > > Introducing another config option is not the way forward, IMHO. > > Yes, let's do it in this way since everyone is fine with it. I will work on

Re: kexec_load(2) bypasses signature verification

2015-06-19 Thread Dave Young
On 06/16/15 at 09:47pm, Vivek Goyal wrote: > On Tue, Jun 16, 2015 at 08:32:37PM -0500, Eric W. Biederman wrote: > > Vivek Goyal writes: > > > > > On Tue, Jun 16, 2015 at 02:38:31PM -0500, Eric W. Biederman wrote: > > >> > > >> Adding Vivek as he is the one who implemented kexec_file_load. > > >>

Re: kexec_load(2) bypasses signature verification

2015-06-18 Thread Dave Young
On 06/18/15 at 09:30am, Vivek Goyal wrote: > On Thu, Jun 18, 2015 at 10:02:09AM +0800, Dave Young wrote: > > [..] > > > Or simply add a new config option KEXEC_VERIFY_SIG_FORCE, so we can return > > > error in kexec_load and print some error message. > > > > Just like below, does this work for yo

Re: kexec_load(2) bypasses signature verification

2015-06-18 Thread Eric W. Biederman
Vivek Goyal writes: > On Thu, Jun 18, 2015 at 10:02:09AM +0800, Dave Young wrote: > > [..] >> > Or simply add a new config option KEXEC_VERIFY_SIG_FORCE, so we can return >> > error in kexec_load and print some error message. >> >> Just like below, does this work for you, Ted? >> >> --- >> arc

Re: kexec_load(2) bypasses signature verification

2015-06-18 Thread Vivek Goyal
On Thu, Jun 18, 2015 at 10:02:09AM +0800, Dave Young wrote: [..] > > Or simply add a new config option KEXEC_VERIFY_SIG_FORCE, so we can return > > error in kexec_load and print some error message. > > Just like below, does this work for you, Ted? > > --- > arch/x86/Kconfig |7 +++ > ke

Re: kexec_load(2) bypasses signature verification

2015-06-17 Thread Dave Young
On 06/18/15 at 09:16am, Dave Young wrote: > On 06/16/15 at 09:47pm, Vivek Goyal wrote: > > On Tue, Jun 16, 2015 at 08:32:37PM -0500, Eric W. Biederman wrote: > > > Vivek Goyal writes: > > > > > > > On Tue, Jun 16, 2015 at 02:38:31PM -0500, Eric W. Biederman wrote: > > > >> > > > >> Adding Vivek

Re: kexec_load(2) bypasses signature verification

2015-06-17 Thread Dave Young
On 06/15/15 at 04:01pm, Theodore Ts'o wrote: > On Mon, Jun 15, 2015 at 09:37:05AM -0400, Josh Boyer wrote: > > The bits that actually read Secure Boot state out of the UEFI > > variables, and apply protections to the machine to avoid compromise > > under the SB threat model. Things like disabling

Re: kexec_load(2) bypasses signature verification

2015-06-17 Thread Dave Young
On 06/16/15 at 09:47pm, Vivek Goyal wrote: > On Tue, Jun 16, 2015 at 08:32:37PM -0500, Eric W. Biederman wrote: > > Vivek Goyal writes: > > > > > On Tue, Jun 16, 2015 at 02:38:31PM -0500, Eric W. Biederman wrote: > > >> > > >> Adding Vivek as he is the one who implemented kexec_file_load. > > >>

Re: kexec_load(2) bypasses signature verification

2015-06-17 Thread One Thousand Gnomes
> [1] Yes, it doesn't buy all that much, since if the system is rooted > the adversary can just replace the kernel in /boot and force a normal, > slower reboot, but the same could be said for signed modules --- the > adversary could just replace all of /boot/vmlinux- and > /lib/modules/. But both

Re: kexec_load(2) bypasses signature verification

2015-06-16 Thread Theodore Ts'o
On Tue, Jun 16, 2015 at 04:27:57PM -0400, Vivek Goyal wrote: > > So looks like you are looking for a system/option where you just want to > always make use of kexec_file_load() and disable kexec_load(). This sounds > like you want a kernel where kexec_load() is compiled out and you want > only kex

Re: kexec_load(2) bypasses signature verification

2015-06-16 Thread Vivek Goyal
On Tue, Jun 16, 2015 at 08:32:37PM -0500, Eric W. Biederman wrote: > Vivek Goyal writes: > > > On Tue, Jun 16, 2015 at 02:38:31PM -0500, Eric W. Biederman wrote: > >> > >> Adding Vivek as he is the one who implemented kexec_file_load. > >> I was hoping he would respond to this thread, and it loo

Re: kexec_load(2) bypasses signature verification

2015-06-16 Thread Eric W. Biederman
Vivek Goyal writes: > On Tue, Jun 16, 2015 at 02:38:31PM -0500, Eric W. Biederman wrote: >> >> Adding Vivek as he is the one who implemented kexec_file_load. >> I was hoping he would respond to this thread, and it looks like he >> simply has not ever been Cc'd. >> >> Theodore Ts'o writes: >>

Re: kexec_load(2) bypasses signature verification

2015-06-16 Thread Vivek Goyal
On Tue, Jun 16, 2015 at 02:38:31PM -0500, Eric W. Biederman wrote: > > Adding Vivek as he is the one who implemented kexec_file_load. > I was hoping he would respond to this thread, and it looks like he > simply has not ever been Cc'd. > > Theodore Ts'o writes: > > > On Mon, Jun 15, 2015 at 09:

Re: kexec_load(2) bypasses signature verification

2015-06-16 Thread Eric W. Biederman
Adding Vivek as he is the one who implemented kexec_file_load. I was hoping he would respond to this thread, and it looks like he simply has not ever been Cc'd. Theodore Ts'o writes: > On Mon, Jun 15, 2015 at 09:37:05AM -0400, Josh Boyer wrote: >> The bits that actually read Secure Boot state o

Re: kexec_load(2) bypasses signature verification

2015-06-15 Thread Theodore Ts'o
On Mon, Jun 15, 2015 at 09:37:05AM -0400, Josh Boyer wrote: > The bits that actually read Secure Boot state out of the UEFI > variables, and apply protections to the machine to avoid compromise > under the SB threat model. Things like disabling the old kexec... I don't have any real interest in u

Re: kexec_load(2) bypasses signature verification

2015-06-15 Thread Josh Boyer
On Mon, Jun 15, 2015 at 9:17 AM, Theodore Ts'o wrote: > On Mon, Jun 15, 2015 at 08:14:19AM -0400, Josh Boyer wrote: >> Yes, which is why most of the distro vendors carry an out-of-tree >> patch that disables the old kexec in an SB setup. It would be nice if >> we could merge said patches. Howeve

Re: kexec_load(2) bypasses signature verification

2015-06-15 Thread Theodore Ts'o
On Mon, Jun 15, 2015 at 08:14:19AM -0400, Josh Boyer wrote: > Yes, which is why most of the distro vendors carry an out-of-tree > patch that disables the old kexec in an SB setup. It would be nice if > we could merge said patches. However, they depend on Matthew's > secure_modules/trusted_kernel/

Re: kexec_load(2) bypasses signature verification

2015-06-15 Thread Josh Boyer
On Sun, Jun 14, 2015 at 11:50 PM, Theodore Ts'o wrote: > From experimentation and from looking at the sources, it appears that > the signature checking is only done in the kexec_file_load(2) system > call, and not in the kexec_load(2) system call. And I understand why > -- the signature is not sen
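The thread's complaint is that kexec_load(2) never sees a signature, so a kernel that verifies only kexec_file_load(2) images still accepts an unsigned kernel through the older call; the replies discuss either compiling kexec_load(2) out or making it return an error. The probe below is an added example, not code from the thread or from the kernel, and checks which of those states the running kernel is in without side effects: it calls kexec_load(2) with an nr_segments one larger than KEXEC_SEGMENT_MAX, which the kernel rejects with EINVAL after its CAP_SYS_BOOT check but before it reads any segment or touches a loaded image. The function names probe_kexec_load and interpret_kexec_load and the three result strings are this example's own; it assumes Linux with glibc's <sys/syscall.h>, and the KEXEC_* constants are copied from <linux/kexec.h> so it builds without kernel headers.

```c
/* Added example, not from the thread: a side-effect-free probe of whether
 * the running kernel still lets the caller reach kexec_load(2), the path
 * that never carries a signature.  Assumes Linux and glibc; the KEXEC_*
 * values below are the ones from <linux/kexec.h>. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef KEXEC_SEGMENT_MAX
#define KEXEC_SEGMENT_MAX 16
#endif
#ifndef KEXEC_ARCH_DEFAULT
#define KEXEC_ARCH_DEFAULT 0
#endif

/* Call kexec_load(2) with nr_segments one past KEXEC_SEGMENT_MAX and no
 * segment array.  The kernel checks CAP_SYS_BOOT (and any kexec_load
 * disable switch) first and then rejects the oversized count with EINVAL,
 * before any segment is read or any loaded image is replaced, so the
 * probe is safe to run as root.  Returns the errno the kernel hands back;
 * 0 would mean the kernel unexpectedly accepted the call. */
int probe_kexec_load(void)
{
#ifdef SYS_kexec_load
    long r = syscall(SYS_kexec_load, 0UL,
                     (unsigned long)KEXEC_SEGMENT_MAX + 1, NULL,
                     (unsigned long)KEXEC_ARCH_DEFAULT);
    if (r == 0)
        return 0;
    return errno;
#else
    return ENOSYS;   /* libc headers predate the syscall number */
#endif
}

/* Map the probe result onto the states the thread argues about.
 * The three strings are this example's own labels. */
const char *interpret_kexec_load(int err)
{
    switch (err) {
    case EINVAL:
        /* Argument checking was reached, so the permission check passed:
         * this caller could load an unsigned image via kexec_load(2). */
        return "open";
    case EPERM:
        /* Refused before argument checking: the caller lacks CAP_SYS_BOOT,
         * or the kernel has the kexec_load(2) path switched off
         * (e.g. the kernel.kexec_load_disabled sysctl). */
        return "refused";
    case ENOSYS:
        /* kexec_load(2) is compiled out of this kernel. */
        return "not-implemented";
    default:
        return "unknown";
    }
}

int main(void)
{
    int err = probe_kexec_load();
    printf("kexec_load(2): %s (%s)\n",
           interpret_kexec_load(err), strerror(err));
    return 0;
}
```

Run it as root to learn something: an unprivileged run always reports "refused" because CAP_SYS_BOOT is checked before anything else. A root run that prints "open" is the situation the thread describes, a kernel that would verify a kexec_file_load(2) image but accept anything through kexec_load(2); "not-implemented" is the compile-time answer the replies discuss. The probe deliberately avoids nr_segments of 0, since that form of the call unloads any currently loaded kexec image.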