[RFC] Kdump with signed images

Matthew Garrett mjg at redhat.com
Tue Oct 23 12:52:02 EDT 2012


On Tue, Oct 23, 2012 at 09:44:59AM -0700, Eric W. Biederman wrote:

> Hogwash.  The kernel verifying a signature of /sbin/kexec at exec time is
> perfectly reasonable, and realistic.  In fact finding a way to trust
> small bits of userspace even if root is compromised seems a far superior
> model to simply solving the signing problem for /sbin/kexec.

The kernel verifying the signature of /sbin/kexec and then knowing that 
it should only grant permission to make this syscall to /sbin/kexec, 
without that policy being provided by userspace.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org