From: Warren Togami <wtogami-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: initramfs <initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: including python in the initramfs
Date: Tue, 16 Jun 2009 14:55:10 -0400
Message-ID: <4A37EA8E.7090508@redhat.com>
In-Reply-To: <1245178189.2150.76.camel@polyethylene>

On 06/16/2009 02:49 PM, Daniel Drake wrote:
>
> heh.. here we go :)
>
> It's part of an antitheft system.
> The users of the machine have root access by design, so they could
> trivially disable any security system that runs on the root filesystem.
> Thieves included.
>
> However, our initramfs is secure. It's signed with OLPC's master key.
> Our special BIOS will not boot an unsigned initramfs. So effectively, we
> can trust that the code we put in the initramfs cannot be
> modified/crippled/disabled.
>
> It's certainly a strange requirement and I figure from your responses
> there is no obvious "good" answer. I agree. I just thought I'd ask
> anyway.

This is a good case for the modules.d design of dracut. Write your own
module that does whatever you want, and install that module only in
cases where you generate the initrd for your XO. Your special module
does not belong in dracut upstream.

Warren Togami
wtogami-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org