On Mon, 2013-09-09 at 09:27 -0700, H. Peter Anvin wrote: > This will break or have to be redefined once you have signed kexec.
Yeah. I wasn't really sure how to define it based on an implementation that isn't there yet - saying "kexec_load() of untrusted binaries" implies that there's some way to do it for trusted binaries. -- Matthew Garrett <matthew.garr...@nebula.com>