Re: [RFC] Second attempt at kernel secure boot support

From: Vivek Goyal
Date: Fri Nov 02 2012 - 14:30:50 EST

Next message: Konrad Rzeszutek Wilk: "Re: [PATCH 1/5] mm: cleancache: lazy initialization to allow tmembackends to build/run as modules"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] Staging: Android: logger: module_exit implementationg"
In reply to: Jiri Kosina: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Shuah Khan: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 02, 2012 at 05:22:41PM +0100, Jiri Kosina wrote:
> On Fri, 2 Nov 2012, Vivek Goyal wrote:
>
> > > > "crash" utility has module which allows reading kernel memory. So leaking
> > > > this private key will be easier then you are thinking it to be.
> > >
> > > That's not upstream, right?
> >
> > Yes, checked with Dave, it is not upstream. Well, still it is a concern
> > for distro kernel.
>
> Well, that's about /dev/crash, right?

Yes, I was talking about /dev/crash.

>
> How about /proc/kcore?

Yes, we will have to lock down /proc/kcore too if we go the private
key solution way.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Konrad Rzeszutek Wilk: "Re: [PATCH 1/5] mm: cleancache: lazy initialization to allow tmembackends to build/run as modules"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] Staging: Android: logger: module_exit implementationg"
In reply to: Jiri Kosina: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Shuah Khan: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]