[RFC] Kdump with signed images.
Eric W. Biederman
ebiederm at xmission.com
Tue Oct 23 12:26:32 EDT 2012
Vivek Goyal <vgoyal at redhat.com> writes:
> On Tue, Oct 23, 2012 at 11:04:29AM +0900, Simon Horman wrote:
>> On Mon, Oct 22, 2012 at 04:43:39PM -0400, Vivek Goyal wrote:
>> > On Fri, Oct 19, 2012 at 10:31:12AM -0400, Vivek Goyal wrote:
>> > [..]
>> > > - What happens to purgatory code. It is an unsigned piece of code which
>> > > runs in the kernel?
>> > Thinking more about it, another not so clean proposal.
>> I have always assumed that purgatory can't be removed
>> as doing so would break backwards compatibility.
> Hi Simon,
> I think this will be a new parallel path and this new path should be taken
> only on kernel booted with secure boot enabled. (Either automatically or
> by using some kexec command line option). So nothing should be broken
> because we never supported anything on secure boot enabled system.
Rubbish. Kexec works just fine today on a secure boot enabled system.
Ignoring the nonsense that there is no such thing as a secure boot
enabled Linux system.
Whatever we implement must work on all Linux systems.
If we implement an extension we also must write the code in /sbin/kexec
so that it works on older systems that do not implement that extension.