Re: [RFC] Second attempt at kernel secure boot support

From: Vivek Goyal
Date: Fri Nov 02 2012 - 11:52:41 EST

Next message: Shuah Khan: "Re: [PATCH linux-next] ARM64: dma-mapping: supportdebug_dma_mapping_error"
Previous message: Jiri Slaby: "Re: [PATCH 21/21] TTY: move tty buffers to tty_port"
In reply to: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Jiri Kosina: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 02, 2012 at 03:42:48PM +0000, Matthew Garrett wrote:
> On Fri, Nov 02, 2012 at 11:30:48AM -0400, Vivek Goyal wrote:
>
> > "crash" utility has module which allows reading kernel memory. So leaking
> > this private key will be easier then you are thinking it to be.
>
> That's not upstream, right?

Yes, checked with Dave, it is not upstream. Well, still it is a concern
for distro kernel.

So if we keep private key in kernel, looks like we shall have to disable
one more feature in secureboot mode.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Shuah Khan: "Re: [PATCH linux-next] ARM64: dma-mapping: supportdebug_dma_mapping_error"
Previous message: Jiri Slaby: "Re: [PATCH 21/21] TTY: move tty buffers to tty_port"
In reply to: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Jiri Kosina: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]