[RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting)
Matthew Garrett
mjg at redhat.com
Tue Oct 23 11:41:24 EDT 2012
On Tue, Oct 23, 2012 at 10:59:20AM -0400, Vivek Goyal wrote:
> But what about creation of a new program which can call kexec_load()
> and execute an unsigned kernel. Doesn't look like that will be
> prevented using IMA.
Right. Trusting userspace would require a new system call that passes in
a signature of the userspace binary, and the kernel would then have to
verify the ELF object in memory in order to ensure that it
matches the signature. Verifying that the copy on the filesystem is
unmodified isn't adequate - an attacker could simply have paused the
process and injected code. Realistically, the only solution here is for
the kernel to verify that the kernel it's about to boot is signed and
for it not to take any untrusted executable code from userspace.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the kexec
mailing list