Vivek Goyal <vgo...@redhat.com> writes:

> [...]
>> Can you please tell a bit more how this patch protects against direct
>> writing to the blocks?
>
> If you have loaded all the pages from disk and locked them in memory and
> verified the signature, then even if somebody modifies a block on disk
> it does not matter. We will not read pages from disk anymore for this
> exec(). We verified the signature of executable loaded in memory and
> in-memory copy is intact.

Does this imply dramatically increasing physical RAM pressure and load
latency, because binaries (and presumably all their shared libraries)
have to be locked & loaded? (Else if they are paged out to
encrypted-swap, is that sufficient protection against manipulation?)

- FChE