[RFC] Kdump with signed images
mjg at redhat.com
Tue Oct 23 12:52:02 EDT 2012
On Tue, Oct 23, 2012 at 09:44:59AM -0700, Eric W. Biederman wrote:
> Hogwash. The kernel verifing a signature of /sbin/kexec at exec time is
> perfectly reasonable, and realistic. In fact finding a way to trust
> small bits of userspace even if root is compromised seems a far superior
> model to simply solving the signing problem for /sbin/kexec.
The kernel verifying the signature of /sbin/kexec and then knowing that
it should only grant permission to make this syscall to /sbin/kexec,
without that policy being provided by userspace.
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the kexec