Re: [PATCH v2 0/2] x86/kexec: UKI Support

From: Dave Young
Date: Wed Sep 20 2023 - 03:44:58 EST

Next message: Ingo Molnar: "Re: [RFC PATCH 00/14] Prevent cross-cache attacks in the SLUB allocator"
Previous message: tip-bot2 for Mark Rutland: "[tip: locking/urgent] locking/atomic: scripts: fix fallback ifdeffery"
In reply to: Philipp Rudo: "Re: [PATCH v2 0/2] x86/kexec: UKI Support"
Next in thread: Dave Young: "Re: [PATCH v2 0/2] x86/kexec: UKI Support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > In the end the only benefit this series brings is to extend the
> > signature checking on the whole UKI except of just the kernel image.
> > Everything else can also be done in user space. Compared to the
> > problems described above this is a very small gain for me.
>
> Correct. That is the benefit of pulling the UKI apart in the
> kernel. However having to sign the kernel inside the UKI defeats
> the whole point.

Pingfan added the zboot load support in kexec-tools, I know that he is
trying to sign the zboot image and the inside kernel twice. So
probably there are some common areas which can be discussed.
Added Ard and Pingfan in cc.
http://lists.infradead.org/pipermail/kexec/2023-August/027674.html

Thanks
Dave

Next message: Ingo Molnar: "Re: [RFC PATCH 00/14] Prevent cross-cache attacks in the SLUB allocator"
Previous message: tip-bot2 for Mark Rutland: "[tip: locking/urgent] locking/atomic: scripts: fix fallback ifdeffery"
In reply to: Philipp Rudo: "Re: [PATCH v2 0/2] x86/kexec: UKI Support"
Next in thread: Dave Young: "Re: [PATCH v2 0/2] x86/kexec: UKI Support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]