Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot

From: Yannik Sembritzki
Date: Wed Aug 15 2018 - 17:50:49 EST

Next message: Vivek Goyal: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Previous message: Benjamin Herrenschmidt: "[RFC PATCH] pci: Proof of concept at fixing pci_enable_device/bridge races"
In reply to: James Bottomley: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Next in thread: Vivek Goyal: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15.08.2018 23:40, James Bottomley wrote:
> What about the key linking patches:
>
> https://lkml.org/lkml/2018/5/2/989
>
> ? They allow you to insert your own binary key into bzimage and then
> resign the resulting blob for secure boot. It's a fairly painless
> process. The patches have been languishing for an unstated reason but
> it's suspected to have something to do with Red Hat not wanting to
> support Enterprise users signing their own kernels.

Thanks, that's exactly what I was thinking about.

Yannik

Next message: Vivek Goyal: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Previous message: Benjamin Herrenschmidt: "[RFC PATCH] pci: Proof of concept at fixing pci_enable_device/bridge races"
In reply to: James Bottomley: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Next in thread: Vivek Goyal: "Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]