Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdumpimplementation

From: Vivek Goyal
Date: Fri Jan 11 2013 - 15:43:28 EST

Next message: Linus Walleij: "Re: [PATCH v2] drivers/pinctrl: grab default handles from device core"
Previous message: Steven Rostedt: "Re: [PATCH -tip 0/3] Move kprobes files under the kprobes directory"
In reply to: H. Peter Anvin: "Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 11, 2013 at 12:26:48PM -0800, H. Peter Anvin wrote:
> >
> >And there is nothing fancy to be done for EFI and SecureBoot? Or is
> >that something that the kernel has to handle on its own (so somehow
> >passing some certificates to somewhere).
> >
>
> For EFI, no... other than passing the EFI parameters, which
> apparently is *not* currently done (David Woodhouse is working on
> it.) Secure boot is still a work in progress.

For secureboot, as a first step in that direction, I just wrote some code
to sign elf executable and be able to verify it in kernel upon exec(). I
am soon planning to post RFC code (most likely next week).

Hopefully we will be able to sign statically signed /sbin/kexec, give
it extra capability (upon signature verification) to be able to call
sys_exec().

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Walleij: "Re: [PATCH v2] drivers/pinctrl: grab default handles from device core"
Previous message: Steven Rostedt: "Re: [PATCH -tip 0/3] Move kprobes files under the kprobes directory"
In reply to: H. Peter Anvin: "Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]