Re: [RFC 0/3] extend kexec_file_load system call

From: Dave Young
Date: Wed Jul 13 2016 - 04:37:03 EST

Next message: Mel Gorman: "Re: [PATCH 06/34] mm, vmscan: have kswapd only scan based on the highest requested zone"
Previous message: Jerome Marchand: "Re: System freezes after OOM"
In reply to: Russell King - ARM Linux: "Re: [RFC 0/3] extend kexec_file_load system call"
Next in thread: Petr Tesarik: "Re: [RFC 0/3] extend kexec_file_load system call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[snip]
> Now, going back to the more fundamental issue raised in my first reply,
> about the kernel command line.
>
> On x86, I can see that it _is_ possible for userspace to specify a
> command line, and the kernel loading the image provides the command
> line to the to-be-kexeced kernel with very little checking. So, if
> your kernel is signed, what stops the "insecure userspace" loading
> a signed kernel but giving it an insecure rootfs and/or console?

The kexec_file_load syscall was introduced for secure boot in the first
place. In case UEFI secure boot the signature verification chain only
covers kernel mode binaries. I think there is such problem in both normal
boot and kexec boot.

Thanks
Dave

Next message: Mel Gorman: "Re: [PATCH 06/34] mm, vmscan: have kswapd only scan based on the highest requested zone"
Previous message: Jerome Marchand: "Re: System freezes after OOM"
In reply to: Russell King - ARM Linux: "Re: [RFC 0/3] extend kexec_file_load system call"
Next in thread: Petr Tesarik: "Re: [RFC 0/3] extend kexec_file_load system call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]