From: Vivek Goyal <vgoyal@redhat.com>
To: Maxim Uvarov <muvarov@gmail.com>
Cc: kexec@lists.infradead.org, Simon Horman <horms@verge.net.au>,
"Eric W. Biederman" <ebiederm@xmission.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Matthew Garrett <mjg@redhat.com>, Dave Young <dyoung@redhat.com>,
Khalid Aziz <khalid@gonehiking.org>
Subject: Re: [RFC] Kdump with signed images.
Date: Tue, 23 Oct 2012 15:16:21 -0400 [thread overview]
Message-ID: <20121023191621.GG16496@redhat.com> (raw)
In-Reply-To: <CAJGZr0KeivwwqA84n6k-xLpXBY59ekWCsfQN7UfiGxVz7xm73Q@mail.gmail.com>
On Tue, Oct 23, 2012 at 11:11:05PM +0400, Maxim Uvarov wrote:
> 2012/10/23 Vivek Goyal <vgoyal@redhat.com>:
> > On Tue, Oct 23, 2012 at 09:26:32AM -0700, Eric W. Biederman wrote:
> >
> > [..]
> >> > I think this will be a new parallel path and this new path should be taken
> >> > only on kernel booted with secure boot enabled. (Either automatically or
> >> > by using some kexec command line option). So nothing should be broken
> >> > because we never supported anything on secure boot enabled system.
> >>
> >> Rubbish. Kexec works just fine today on a secure boot enabled system.
> >> Ignoring the nonsense that there is no such thing as a secure boot
> >> enabled linux system.
> >
> > I think it is a security hole for the systems where we don't want to run
> > unsigned priviliged code. So yes, it works as of today, but at some point
> > of time we shall have to close this hole.
> >
> > Thanks
> > Vivek
> >
> Signatures kernel & modules in general good for support reason. We can
> say for example that we support only signed kernel and signed modules
> for that kernel, so we are sure that this binaries match our source.
> But what is the reason of checking signatures in kexec? If you have
> root privileges then more likely you have access to boot loader or to
> physical machine (console, bios). Might be useful only for embedded
> things to prevent enthusiasts play with already manufactured devices.
The way I understand is that we don't allow any unsigned code to run
at priviliged level. That's why early from boot everything is signed,
that includes shim, bootloader, kernel and modules. User space code
does not run with privilige, so it is let run without being signed.
Why do it, matthew has explained here in his blog.
http://mjg59.dreamwidth.org/9844.html
Thanks
Vivek
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2012-10-23 19:16 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-18 3:10 [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting Dave Young
2012-10-18 14:56 ` Khalid Aziz
2012-10-18 19:11 ` Vivek Goyal
2012-10-18 19:22 ` Khalid Aziz
2012-10-18 19:38 ` [RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting) Vivek Goyal
2012-10-18 19:55 ` Matthew Garrett
2012-10-18 22:25 ` Eric W. Biederman
2012-10-19 2:06 ` Vivek Goyal
2012-10-19 3:36 ` Eric W. Biederman
2012-10-19 14:31 ` Vivek Goyal
2012-10-22 20:43 ` Vivek Goyal
2012-10-22 21:11 ` Eric W. Biederman
2012-10-23 2:04 ` Simon Horman
2012-10-23 13:24 ` Vivek Goyal
2012-10-23 16:26 ` [RFC] Kdump with signed images Eric W. Biederman
2012-10-23 17:39 ` Vivek Goyal
2012-10-23 19:11 ` Maxim Uvarov
2012-10-23 19:16 ` Vivek Goyal [this message]
2012-10-22 21:07 ` [RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting) Eric W. Biederman
2012-10-23 13:18 ` Vivek Goyal
2012-10-23 14:59 ` Vivek Goyal
2012-10-23 15:41 ` Matthew Garrett
2012-10-23 16:44 ` [RFC] Kdump with signed images Eric W. Biederman
2012-10-23 16:52 ` Matthew Garrett
2012-10-24 17:19 ` Vivek Goyal
2012-10-25 5:43 ` Mimi Zohar
2012-10-25 6:44 ` Kees Cook
2012-10-25 7:01 ` Mimi Zohar
2012-10-25 13:54 ` Vivek Goyal
2012-10-25 19:06 ` Mimi Zohar
2012-10-25 15:39 ` [RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting) Vivek Goyal
2012-10-23 16:19 ` Kdump with signed images Eric W. Biederman
2012-10-23 16:31 ` Matthew Garrett
2012-10-23 17:03 ` Eric W. Biederman
2012-10-23 17:09 ` Matthew Garrett
2012-10-24 17:36 ` Vivek Goyal
2012-10-25 6:10 ` Mimi Zohar
2012-10-25 14:10 ` Vivek Goyal
2012-10-25 18:40 ` Mimi Zohar
2012-10-25 18:55 ` Vivek Goyal
2012-10-26 1:15 ` Mimi Zohar
2012-10-26 2:39 ` Matthew Garrett
2012-10-26 3:30 ` Eric W. Biederman
2012-10-26 17:06 ` Vivek Goyal
2012-10-26 18:37 ` Mimi Zohar
2012-11-01 13:10 ` Vivek Goyal
2012-11-01 13:53 ` Vivek Goyal
2012-11-01 14:29 ` Mimi Zohar
2012-11-01 14:43 ` Vivek Goyal
2012-11-01 14:52 ` Matthew Garrett
2012-11-02 13:23 ` Vivek Goyal
2012-11-02 14:29 ` Balbir Singh
2012-11-02 14:36 ` Vivek Goyal
2012-11-03 3:02 ` Balbir Singh
2012-11-02 21:34 ` H. Peter Anvin
2012-11-02 21:32 ` Eric W. Biederman
2012-11-05 18:03 ` Vivek Goyal
2012-11-05 19:44 ` Eric W. Biederman
2012-11-05 20:42 ` Vivek Goyal
2012-11-05 23:01 ` H. Peter Anvin
2012-11-06 19:34 ` Vivek Goyal
2012-11-06 23:51 ` Eric W. Biederman
2012-11-08 19:40 ` Vivek Goyal
2012-11-08 19:45 ` Vivek Goyal
2012-11-08 21:03 ` Eric W. Biederman
2012-11-09 14:39 ` Vivek Goyal
2012-11-15 5:09 ` Eric W. Biederman
2012-11-15 12:56 ` Mimi Zohar
2012-11-08 20:46 ` Mimi Zohar
2012-11-01 14:51 ` Vivek Goyal
2012-11-01 14:57 ` Matthew Garrett
2012-11-01 15:10 ` Khalid Aziz
2012-11-01 16:23 ` Matthew Garrett
2012-11-02 16:57 ` Khalid Aziz
2012-10-26 17:59 ` Mimi Zohar
2012-10-26 18:19 ` Matthew Garrett
2012-10-26 18:25 ` Mimi Zohar
2012-10-23 15:51 ` [RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting) Eric W. Biederman
2012-10-23 17:18 ` Vivek Goyal
2012-10-19 17:53 ` Vivek Goyal
2012-10-22 21:15 ` Eric W. Biederman
2012-11-02 21:36 ` H. Peter Anvin
2012-11-05 18:11 ` Vivek Goyal
2012-11-05 19:54 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121023191621.GG16496@redhat.com \
--to=vgoyal@redhat.com \
--cc=dyoung@redhat.com \
--cc=ebiederm@xmission.com \
--cc=horms@verge.net.au \
--cc=hpa@zytor.com \
--cc=kexec@lists.infradead.org \
--cc=khalid@gonehiking.org \
--cc=mjg@redhat.com \
--cc=muvarov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox