Re: [PATCH] lockdown: kexec_file: prevent unsigned kernel image when KEXEC_SIG not enabled

2022-11-21 Thread Coiby Xu
Hi Mimi, On Mon, Nov 21, 2022 at 01:23:57PM -0500, Mimi Zohar wrote: Hi Coiby, On Mon, 2022-11-21 at 15:29 +0800, Coiby Xu wrote: A kernel builder may not enable KEXEC_SIG and some architectures like ppc64 simply don't have KEXEC_SIG. In these cases, unless both IMA_ARCH_POLICY and secure

[PATCH v2] lockdown: kexec_file: prevent unsigned kernel image when KEXEC_SIG not enabled

2022-11-21 Thread Coiby Xu
A kernel builder may not enable KEXEC_SIG and some architectures like ppc64 simply don't have KEXEC_SIG. In these cases, unless both IMA_ARCH_POLICY and secure boot are also enabled, lockdown doesn't prevent unsigned kernel image from being kexec'ed via the kexec_file_load syscall whereas it could

Re: [PATCH] x86/bugs: Explicitly clear speculative MSR bits

2022-11-21 Thread Pawan Gupta
On Sun, Nov 20, 2022 at 12:02:55PM +, Breno Leitao wrote: Currently x86_spec_ctrl_base is read at boot time, and speculative bits are set if configs are enabled, such as MSR[SPEC_CTRL_IBRS] is enabled if CONFIG_CPU_IBRS_ENTRY is configured. These MSR bits are not cleared if the CONFIGs are

Re: [PATCH] lockdown: kexec_file: prevent unsigned kernel image when KEXEC_SIG not enabled

2022-11-21 Thread Mimi Zohar
Hi Coiby, On Mon, 2022-11-21 at 15:29 +0800, Coiby Xu wrote: > A kernel builder may not enable KEXEC_SIG and some architectures like > ppc64 simply don't have KEXEC_SIG. In these cases, unless both > IMA_ARCH_POLICY and secure boot are also enabled, lockdown doesn't prevent > unsigned kernel image

Re: [PATCH v1 2/2] kexec: Introduce kexec_reboot_disabled

2022-11-21 Thread Philipp Rudo
Hi Ricardo, On Thu, 17 Nov 2022 16:15:07 +0100 Ricardo Ribalda wrote: > Hi Philipp > > Thanks for your review! happy to help. > > On Thu, 17 Nov 2022 at 16:07, Philipp Rudo wrote: > > > > Hi Ricardo, > > > > all in all I think this patch makes sense. However, there is one point > > I don't

Re: [PATCH v4 2/2] arm64: kdump: Support crashkernel=X fall back to reserve region above DMA zones

2022-11-21 Thread Leizhen (ThunderTown)
On 2022/11/21 16:31, Baoquan He wrote: > On 11/16/22 at 08:10pm, Zhen Lei wrote: >> For crashkernel=X without '@offset', select a region within DMA zones >> first, and fall back to reserve region above DMA zones. This allows >> users to use the same configuration on multiple platforms. >> >>

Re: [PATCH v4 2/2] arm64: kdump: Support crashkernel=X fall back to reserve region above DMA zones

2022-11-21 Thread Baoquan He
On 11/16/22 at 08:10pm, Zhen Lei wrote: > For crashkernel=X without '@offset', select a region within DMA zones > first, and fall back to reserve region above DMA zones. This allows > users to use the same configuration on multiple platforms. > > Signed-off-by: Zhen Lei > Acked-by: Baoquan He >