Kdump with signed images

Matthew Garrett mjg at redhat.com
Tue Oct 23 13:09:13 EDT 2012


On Tue, Oct 23, 2012 at 10:03:37AM -0700, Eric W. Biederman wrote:
> Matthew Garrett <mjg at redhat.com> writes:
> 
> > On Tue, Oct 23, 2012 at 09:19:27AM -0700, Eric W. Biederman wrote:
> >> No.  UEFI secure boot has absolutely nothing todo with this.
> >> 
> >> UEFI secure boot is about not being able to hijack the code EFI runs
> >> directly.  Full stop.
> >
> > No. It's about ensuring that no untrusted code can be run before any OS 
> > kernel, which means that no untrusted code can run *in* any OS kernel.
> 
> Hogwash.

Well, I don't think this conversation's going to go any further in a 
productive manner.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org



More information about the kexec mailing list