kexec_load(2) bypasses signature verification

Theodore Ts'o tytso at mit.edu
Mon Jun 15 06:17:28 PDT 2015


On Mon, Jun 15, 2015 at 08:14:19AM -0400, Josh Boyer wrote:
> Yes, which is why most of the distro vendors carry an out-of-tree
> patch that disables the old kexec in an SB setup.  It would be nice if
> we could merge said patches.  However, they depend on Matthew's
> secure_modules/trusted_kernel/<whatever name that works> patchset
> which has gotten little movement since we came up with a tentative
> agreement at LPC 2013.

Signed modules is in, though, right?  And the fact that we have
CONFIG_SIGNED_PE_FILE_VERIFICATION means we're doing unatural file
signatures w/o using ELF, which I thought was the basis of Linus's
accusation that Red Hat was performing intimate/physical acts with
Microsoft.  :-)

I would have thought those were the nasty bits to get in; out of
curiosity, what's still missing?

Regards,

						- Ted



More information about the kexec mailing list