On Sun, 2013-09-08 at 09:18 -0700, Greg KH wrote: > I want both, but I don't need signed kexec support because I want to use > kexec for a program that I "know" is correct because I validated the > disk image it was on before I mounted it. We already have other ways to > "verify" things without having to add individual verification of > specific pieces.
The kernel has no way to know that your kexec payload is coming from a verified image. It'll just as happily take something from an unverified image. If you've ensured that there's no way an attacker can call kexec_load() on an unverified image, then you don't need signed modules. -- Matthew Garrett <matthew.garr...@nebula.com>
