Date: Sun, 1 Sep 2013 10:52:45 +0200
Subject: Re: [PATCH 08/10] kexec: Disable at runtime if the kernel enforces module loading restrictions
From: Geert Uytterhoeven
To: Matthew Garrett
Cc: "linux-kernel@vger.kernel.org", linux-efi@vger.kernel.org, Josh Boyer, Kees Cook
In-Reply-To: <1376928619-3775-8-git-send-email-matthew.garrett@nebula.com>
References: <1376928619-3775-1-git-send-email-matthew.garrett@nebula.com> <1376928619-3775-8-git-send-email-matthew.garrett@nebula.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 19, 2013 at 6:10 PM, Matthew Garrett wrote:
> kexec permits the loading and execution of arbitrary code in ring 0, which
> is something that module signing enforcement is meant to prevent. It makes
> sense to disable kexec in this situation.

Any plans for signed kexec code?

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds