Re: Trusted kernel patchset

From: Matthew Garrett
Date: Tue Mar 17 2015 - 16:43:02 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH 3.10 00/62] 3.10.72-stable review"
Previous message: Pantelis Antoniou: "Re: [PATCH 0/5] of: overlay: Assorted fixes"
In reply to: Simon McVittie: "Re: Trusted kernel patchset"
Next in thread: Simon McVittie: "Re: Trusted kernel patchset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2015-03-17 at 20:22 +0000, Simon McVittie wrote:

> Is the intention instead that it will make privileged bits of userland
> more careful to avoid breaking the trust chain in ways that would "fail
> safe" by refusing to boot?

Not really. It's intended to avoid the situation where privileged
userspace is able to modify the running kernel to an extent that's
broadly equivalent to booting an arbitrary kernel.

Next message: Greg Kroah-Hartman: "Re: [PATCH 3.10 00/62] 3.10.72-stable review"
Previous message: Pantelis Antoniou: "Re: [PATCH 0/5] of: overlay: Assorted fixes"
In reply to: Simon McVittie: "Re: Trusted kernel patchset"
Next in thread: Simon McVittie: "Re: Trusted kernel patchset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]