Re: [PATCH 0/10] Add additional security checks when module loadingis restricted

From: Matthew Garrett
Date: Wed Aug 28 2013 - 18:42:03 EST

Next message: Colin Cross: "Re: [RFC PATCHv3] drivers: power: Detect device suspend/resume lockupand log event in pstore."
Previous message: Lenny Szubowicz: "Re: [PATCH 0/10] Add additional security checks when module loadingis restricted"
In reply to: Lenny Szubowicz: "Re: [PATCH 0/10] Add additional security checks when module loadingis restricted"
Next in thread: Lenny Szubowicz: "Re: [PATCH 0/10] Add additional security checks when module loadingis restricted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2013-08-28 at 18:37 -0400, Lenny Szubowicz wrote:

> Did you purposely exclude similar checks for hibernate that were covered
> by earlier versions of your patch set?

Yes, I think it's worth tying it in with the encrypted hibernation
support. The local attack is significantly harder in the hibernation
case - in the face of unknown hardware it basically involves a
pre-generated memory image corresponding to your system or the ability
to force a reboot into an untrusted environment. I think it's probably
more workable to just add a configuration option for forcing encrypted
hibernation when secure boot is in use.

--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
N‹§²æìr¸›yúèšØb²X¬¶ÇvØ^–)Þ{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü}©ž²ÆzÚ&j:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹®w¥¢¸?™¨èÚ&¢)ßf”ù^jÇy§m…á@A«a¶Úÿ0¶ìh®å’i

Next message: Colin Cross: "Re: [RFC PATCHv3] drivers: power: Detect device suspend/resume lockupand log event in pstore."
Previous message: Lenny Szubowicz: "Re: [PATCH 0/10] Add additional security checks when module loadingis restricted"
In reply to: Lenny Szubowicz: "Re: [PATCH 0/10] Add additional security checks when module loadingis restricted"
Next in thread: Lenny Szubowicz: "Re: [PATCH 0/10] Add additional security checks when module loadingis restricted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]