Re: [RFC 2/2] initramfs with digital signature protection
From: Vivek Goyal
Date: Thu Feb 07 2013 - 12:05:50 EST
On Tue, Feb 05, 2013 at 02:34:50PM +0200, Dmitry Kasatkin wrote:
[..]
> +static int __init load_initramfs(void)
> +{
> + static char *argv[] = { "pre-init", NULL, };
> + extern char *envp_init[];
> + int err;
> +
> + /*
> + * In case that a resume from disk is carried out by linuxrc or one of
> + * its children, we need to tell the freezer not to wait for us.
> + */
> + current->flags |= PF_FREEZER_SKIP;
> +
> + err = call_usermodehelper_fns("/pre-init", argv, envp_init,
> + UMH_WAIT_PROC, init_init, init_cleanup,
> + NULL);
> +
> + current->flags &= ~PF_FREEZER_SKIP;
> +
> + pr_info("initramfs_sig /pre-init completed: %d\n", err);
> +
Dmitry,
How do we make sure that this is the first call to user mode helpers. I
see that we first unpacked unsigned initramfs. Then after a while we
unpacked signed initramfs on /root and did a chroot. But now there is
a window before chroot, where kernel might call into /sbin/hotplug or
/sbin/modprobe from unsigned initramfs?
Specifically, I put some printk and I am seeing calls to /sbin/hotplug
before we even unpacked signed initramfs.
Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/