Re: [RFC] Second attempt at kernel secure boot support

From: Jiri Kosina
Date: Wed Oct 31 2012 - 11:55:01 EST

Next message: Michal Hocko: "Re: [PATCH 3/8] cgroup: use cgroup_lock_live_group(parent) incgroup_create()"
Previous message: Western Union Transfer: "Payment Sent!!"
In reply to: Alan Cox: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Alan Cox: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 31 Oct 2012, Alan Cox wrote:

> All this depends on your threat model. If I have physical access to
> suspend/resume your machine then you already lost. If I don't have
> physical access then I can't boot my unsigned OS to patch your S4 image
> so it doesn't matter.

Prepare (as a root) a hand-crafted image, reboot, let the kernel resume
from that artificial image.

It can be viewed as a very obscure way of rewriting the kernel through
/dev/mem (which is obviously not possible when in 'secure boot'
environment).

--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michal Hocko: "Re: [PATCH 3/8] cgroup: use cgroup_lock_live_group(parent) incgroup_create()"
Previous message: Western Union Transfer: "Payment Sent!!"
In reply to: Alan Cox: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Alan Cox: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]