Re: [PATCH 00/12] One more attempt at useful kernel lockdown

From: H. Peter Anvin
Date: Tue Sep 10 2013 - 19:58:31 EST


On 09/10/2013 04:55 PM, Mimi Zohar wrote:
>>
>> What would the deliverables be from the hardware vendor and what tools
>> would you expect them to need on their end?
>
> The package installer needs to not only install files, but file metadata
> as well. Elena Reshetova (Intel) has already added rpm hooks to write
> security xattrs. The next step, yet to be done, is to include and write
> the signatures as part of the rpm install process.
>

That's a total non-option.

There needs to be something that can be done even on a Windows box by a
largely untrained release engineer if we're going to have a prayer of
getting this supported.

So, there is your answer why not.

-hpa

