[PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions

Josh Boyer jwboyer at fedoraproject.org
Wed Sep 4 16:14:00 EDT 2013


On Wed, Sep 4, 2013 at 4:09 PM,  <jerry.hoemann at hp.com> wrote:
> On Tue, Sep 03, 2013 at 07:50:15PM -0400, Matthew Garrett wrote:
>> kexec permits the loading and execution of arbitrary code in ring 0, which
>> is something that module signing enforcement is meant to prevent. It makes
>> sense to disable kexec in this situation.
>>
>> Signed-off-by: Matthew Garrett <matthew.garrett at nebula.com>
>
>
> Matthew,
>
> Disabling kexec will disable kdump, correct?

Yes.

> Are there plans to enable kdump on a system where secure
> boot is enabled?

Vivek Goyal has been working on this.  I've not seen the code yet, but
I believe it should be posted somewhere relatively soon.  We're also
planning on talking about it at the Secure Boot microconference at
Linux Plumbers in two weeks.

josh


