[RFC 0/3] extend kexec_file_load system call
dyoung at redhat.com
Wed Jul 13 01:36:32 PDT 2016
> Now, going back to the more fundamental issue raised in my first reply,
> about the kernel command line.
> On x86, I can see that it _is_ possible for userspace to specify a
> command line, and the kernel loading the image provides the command
> line to the to-be-kexeced kernel with very little checking. So, if
> your kernel is signed, what stops the "insecure userspace" loading
> a signed kernel but giving it an insecure rootfs and/or console?
The kexec_file_load syscall was introduced for secure boot in the first
place. In the case of UEFI secure boot, the signature verification chain only
covers kernel mode binaries. I think there is such a problem in both normal
boot and kexec boot.
More information about the kexec
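The thread's concern is that the signature checked by kexec_file_load covers the kernel image but not the command line handed to it, so a loader that trusts only signed images can still be told to use a different rootfs, init or console. Added example, not code from this thread or from the kexec project: a Python policy check a userspace loader could run on the command line before loading. The allowlist values, the parameter set it guards and the loader it would sit in are all hypothetical.

```python
"""Hypothetical command-line policy check for a kexec loader (added example).

The kernel signature does not cover the command line, so this check treats the
command line as untrusted input: it parses it roughly the way the kernel does
(whitespace-separated words, double-quoted values may contain spaces, a word
without '=' is a bare flag) and rejects any security-relevant parameter whose
value is not on an explicit allowlist.
"""
from typing import Dict, List, Optional, Set, Tuple

# Constructed allowlist: the only values this loader accepts for parameters
# that choose what code runs (root, init, rdinit) or where output goes (console).
ALLOWED: Dict[str, Set[str]] = {
    "root": {"/dev/vda2"},
    "console": {"ttyS0,115200n8", "tty0"},
    "init": {"/sbin/init"},
    "rdinit": {"/init"},
}


def _canon(key: str) -> str:
    # The kernel treats '-' and '_' in parameter names as equivalent, so a
    # policy keyed on "foo_bar" must also match "foo-bar".
    return key.replace("-", "_")


def parse_cmdline(cmdline: str) -> List[Tuple[str, Optional[str]]]:
    """Split a kernel command line into (key, value) pairs, keys not merged.

    Keys may legitimately repeat, so a list is returned rather than a dict.
    Double quotes group a value containing spaces and are stripped.
    """
    words: List[str] = []
    cur: List[str] = []
    in_quote = False
    for ch in cmdline:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                words.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        words.append("".join(cur))

    pairs: List[Tuple[str, Optional[str]]] = []
    for word in words:
        if "=" in word:
            key, value = word.split("=", 1)
            pairs.append((_canon(key), value))
        else:
            pairs.append((_canon(word), None))
    return pairs


def check_cmdline(cmdline: str, allowed: Dict[str, Set[str]] = ALLOWED) -> List[str]:
    """Return a list of policy violations; an empty list means the line passes."""
    problems: List[str] = []
    for key, value in parse_cmdline(cmdline):
        if key in allowed and value not in allowed[key]:
            problems.append(f"{key}={value!r} is not an approved value")
    return problems


if __name__ == "__main__":
    # Constructed sample lines: one that passes and one that would be refused.
    for line in ('root=/dev/vda2 console="ttyS0,115200n8" quiet',
                 "root=/dev/sdb1 init=/opt/untrusted/init"):
        print(line, "->", check_cmdline(line) or "ok")
```

A loader would run `check_cmdline` on the string it is about to pass to kexec_file_load and refuse to load if the list is non-empty; parameters not in the allowlist are left alone, so the policy only constrains the handful of settings that change what gets executed or where the console goes.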