Re: [PATCH v3 0/9] kexec_file_load implementation for PowerPC

2016-06-22 Thread Balbir Singh
second kernel, so that the event >history is preserved. OK.. and this is safe? Do both the kernels need to be signed by the same certificate? Balbir Singh ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH v3 0/9] kexec_file_load implementation for PowerPC

2016-06-22 Thread Balbir Singh
orrect. What I meant was how does the new kernel know that the old kernel did not cheat while passing on the values? I presume because we trust that kernel via a signature. And how do we know the new kernel is safe to load - I guess via a signature that the new kernel is signed with (assuming it

Re: [PATCH v3 0/9] kexec_file_load implementation for PowerPC

2016-06-23 Thread Balbir Singh
On 24/06/16 02:44, Thiago Jung Bauermann wrote: > On Thursday, 23 June 2016, 09:57:51, Balbir Singh wrote: >> On 23/06/16 03:02, Thiago Jung Bauermann wrote: >>>>> 3. have IMA pass-on its event log (where integrity measurements are >>>>> >>>>

Re: [RFC 0/3] extend kexec_file_load system call

2016-07-18 Thread Balbir Singh
ontroller BMC can do the magic for you. So it's not always physical access, is it?

> > You run a shell on the console.  You now have control of the system,
> > and can mount the real rootfs, inspect it, and work out what it does,
> > etc.

Re: [RFC 0/3] extend kexec_file_load system call

2016-07-19 Thread Balbir Singh
ess.
>>>>
>>
>> I agree, if you can change command line arguments, all bets are of lesser
>> value
>
> If changing command line allows execution of unsigned code at ring level
> 0, then it is a problem. Otherwise we are talking of security issues which
> are not covered by secure

I agree that from what I can see/grep there is nothing that allows unsigned code to run at boot in ring0, but there are implications like the ones I've mentioned above. Attacks are typically built as a chain and every bit might matter. One could turn off features that might lead to the system being attacked at run-time.

Balbir Singh.

Re: [PATCH 0/7] ima: carry the measurement list across kexec

2016-08-08 Thread Balbir Singh
he old measurement list? Is it still of significance in the new kernel? Balbir Singh.

Re: [PATCH 0/7] ima: carry the measurement list across kexec

2016-08-11 Thread Balbir Singh
On 09/08/16 22:36, Mimi Zohar wrote: > On Tue, 2016-08-09 at 15:19 +1000, Balbir Singh wrote: >> >> On 04/08/16 22:24, Mimi Zohar wrote: >>> The TPM PCRs are only reset on a hard reboot. In order to validate a >>> TPM's quote after a soft reboot (eg. kexe

Re: [PATCH v2 2/2] kexec: extend kexec_file_load system call

2016-08-12 Thread Balbir Singh
_free_image; > > @@ -256,9 +327,9 @@ out_free_image: > return ret; > } > > -SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, > +SYSCALL_DEFINE6(kexec_file_load, int, kernel_fd, int, initrd_fd, > unsigned long, cmdline_len, const char __user *, cmdline_ptr, > - unsigned long, flags) > + unsigned long, flags, const struct kexec_fdset __user *, ufdset) > { > int ret = 0, i; > struct kimage **dest_image, *image; > @@ -295,7 +366,7 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, > initrd_fd, > kimage_free(xchg(&kexec_crash_image, NULL)); > > ret = kimage_file_alloc_init(&image, kernel_fd, initrd_fd, cmdline_ptr, > - cmdline_len, flags); > + cmdline_len, flags, ufdset); > if (ret) > goto out; > Balbir Singh.
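
Review bot: the SYSCALL_DEFINE5 to SYSCALL_DEFINE6 change gives kexec_file_load a sixth argument, ufdset, that existing five-argument callers never set, and the second hunk forwards it to kimage_file_alloc_init() unconditionally. The lines shown do not gate it on a bit in flags, so if that check is not made inside kimage_file_alloc_init() the kernel would treat whatever the caller left in the sixth argument as a user pointer. Please state in a comment or the commit message which flag marks ufdset as valid, and confirm that it is ignored when that flag is clear.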

Re: [PATCH v5 01/13] kexec_file: Allow arch-specific memory walking for kexec_add_buffer

2016-08-12 Thread Balbir Singh
Jung Bauermann > Acked-by: Dave Young > --- Acked-by: Balbir Singh

Re: [PATCH v5 02/13] kexec_file: Change kexec_add_buffer to take kexec_buf as argument.

2016-08-15 Thread Balbir Singh
r *, and the change > allows us to get rid of 3 existing casts to char * in the code. > > Signed-off-by: Thiago Jung Bauermann > Acked-by: Dave Young > --- Looks good otherwise Acked-by: Balbir Singh

Re: [PATCH v5 04/13] powerpc: Factor out relocation code from module_64.c to elf_util_64.c.

2016-08-15 Thread Balbir Singh
for the associated symbol table. > + * @symindex:Section header index for the associated symbol > table. > + * @relsec: Section header index for the relocations to apply. > + * @obj_name:The name of the ELF binary, for information > messag

Re: [PATCH v5 02/13] kexec_file: Change kexec_add_buffer to take kexec_buf as argument.

2016-08-15 Thread Balbir Singh
On 16/08/16 00:49, Thiago Jung Bauermann wrote: > On Monday, 15 August 2016, 17:30:49, Balbir Singh wrote: >> On Thu, Aug 11, 2016 at 08:08:07PM -0300, Thiago Jung Bauermann wrote: >>> Adapt all callers to the new function prototype. >> >> Could you please expand

Re: [PATCH v5 04/13] powerpc: Factor out relocation code from module_64.c to elf_util_64.c.

2016-08-15 Thread Balbir Singh
On 16/08/16 09:25, Thiago Jung Bauermann wrote: > On Monday, 15 August 2016, 17:46:34, Balbir Singh wrote: >> On Thu, Aug 11, 2016 at 08:08:09PM -0300, Thiago Jung Bauermann wrote: >>> +/** >>> + * elf64_apply_relocate_add - apply 64 bit RELA relocations >>>

Re: [PATCH v5 02/13] kexec_file: Change kexec_add_buffer to take kexec_buf as argument.

2016-08-16 Thread Balbir Singh
On 17/08/16 04:49, Thiago Jung Bauermann wrote: > On Tuesday, 16 August 2016, 16:15:55, Balbir Singh wrote: >> On 16/08/16 00:49, Thiago Jung Bauermann wrote: >>> On Monday, 15 August 2016, 17:30:49, Balbir Singh wrote: >>>> On Thu, Aug 11, 2016 at 08:08:07P

Re: [PATCH v5 04/13] powerpc: Factor out relocation code from module_64.c to elf_util_64.c.

2016-08-22 Thread Balbir Singh
trying to clean up the zImage to get rid of the old zImage limitation, cc'ing him Balbir Singh

Re: Kdump with signed images

2012-11-02 Thread Balbir Singh
://sourceware.org/glibc/wiki/FAQ - "Even statically linked programs need some shared libraries which is not acceptable for me. What can I do?" Probably, worth trying. Balbir Singh

Re: Kdump with signed images

2012-11-02 Thread Balbir Singh
On Fri, Nov 2, 2012 at 8:06 PM, Vivek Goyal wrote: > On Fri, Nov 02, 2012 at 07:59:15PM +0530, Balbir Singh wrote: >> On Fri, Nov 2, 2012 at 6:53 PM, Vivek Goyal wrote: >> > On Thu, Nov 01, 2012 at 02:52:25PM +, Matthew Garrett wrote: >> >> On Thu, Nov 01, 2