Re: [RFC] Second attempt at kernel secure boot support

From: Alan Cox
Date: Wed Oct 31 2012 - 12:58:23 EST

Next message: Joonsoo Kim: "[PATCH v2 0/5] minor clean-up and optimize highmem related code"
Previous message: Tejun Heo: "Re: [PATCH 2/8] cgroup: kill CSS_REMOVED"
In reply to: Jiri Kosina: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Shea Levy: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 31 Oct 2012 16:55:04 +0100 (CET)
Jiri Kosina <jkosina@xxxxxxx> wrote:

> On Wed, 31 Oct 2012, Alan Cox wrote:
>
> > All this depends on your threat model. If I have physical access to
> > suspend/resume your machine then you already lost. If I don't have
> > physical access then I can't boot my unsigned OS to patch your S4 image
> > so it doesn't matter.
>
> Prepare (as a root) a hand-crafted image, reboot, let the kernel resume
> from that artificial image.

It's not signed. It won't reboot from that image.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joonsoo Kim: "[PATCH v2 0/5] minor clean-up and optimize highmem related code"
Previous message: Tejun Heo: "Re: [PATCH 2/8] cgroup: kill CSS_REMOVED"
In reply to: Jiri Kosina: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Shea Levy: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]