[Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
H. Peter Anvin
hpa at zytor.com
Fri Jan 11 16:03:41 EST 2013
On 01/11/2013 12:52 PM, Vivek Goyal wrote:
>
> Eric,
>
> In a private conversation, David Howells suggested why not pass kernel
> signature in a segment to kernel and kernel can do the verification.
>
> /sbin/kexec signature is verified by kernel at exec() time. Then
> /sbin/kexec just passes one signature segment (after regular segment) for
> each segment being loaded. The segments which don't have signature,
> are passed with section size 0. And signature passing behavior can be
> controlled by one new kexec flag.
>
> That way /sbin/kexec does not have to worry about doing any verification
> by itself. In fact, I am not sure how it can do the verification when
> crypto libraries it will need are not signed (assuming they are not
> statically linked in).
>
> What do you think about this idea?
>
A signed /sbin/kexec would realistically have to be statically linked,
at least in the short term; otherwise the libraries and ld.so would need
verification as well.
Now, that *might* very well have some real value -- there are certainly
users out there who would very much want only binaries signed with
specific keys to get run on their system.
-hpa
More information about the kexec
mailing list