Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1761818Ab2KAO6K (ORCPT ); Thu, 1 Nov 2012 10:58:10 -0400 Received: from cavan.codon.org.uk ([93.93.128.6]:56661 "EHLO cavan.codon.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1761486Ab2KAO6F (ORCPT ); Thu, 1 Nov 2012 10:58:05 -0400 Date: Thu, 1 Nov 2012 14:57:31 +0000 From: Matthew Garrett To: Vivek Goyal Cc: Mimi Zohar , "Eric W. Biederman" , Khalid Aziz , kexec@lists.infradead.org, horms@verge.net.au, Dave Young , "H. Peter Anvin" , linux kernel mailing list , Dmitry Kasatkin , Roberto Sassu , Kees Cook Subject: Re: Kdump with signed images Message-ID: <20121101145731.GB10662@srcf.ucam.org> References: <1351190421.18115.92.camel@falcor> <20121025185520.GA17995@redhat.com> <1351214158.18115.186.camel@falcor> <20121026023916.GA16762@srcf.ucam.org> <20121026170609.GB24687@redhat.com> <1351276649.18115.217.camel@falcor> <20121101131003.GA14573@redhat.com> <20121101135356.GA15659@redhat.com> <1351780159.15708.17.camel@falcor> <20121101145149.GB15821@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20121101145149.GB15821@redhat.com> User-Agent: Mutt/1.5.20 (2009-06-14) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: mjg59@cavan.codon.org.uk X-SA-Exim-Scanned: No (on cavan.codon.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 798 Lines: 18 On Thu, Nov 01, 2012 at 10:51:49AM -0400, Vivek Goyal wrote: > And if one wants only /sbin/kexec to call it, then just sign that > one so no other executable will be able to call kexec_load(). Though > I don't think that's the requirement here. Requirement is that only > trusted executables should be able to call kexec_load(). Where "trusted executables" means "signed by a key that's present in the system firmware or in the kernel that's signed with a key that's present in the system firmware", sure. -- Matthew Garrett | mjg59@srcf.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/