* Chun-Yi Lee:
+ EFI bootloader must generate RSA key-pair when system boot:
- Bootloader store the public key to EFI boottime variable by itself
- Bootloader put The private key to S4SignKey EFI variable for forward to
kernel.
Is the UEFI NVRAM really suited for such regular
- Original Message -
From: Matthew Garrett matthew.garr...@nebula.com
To: Lenny Szubowicz lszub...@redhat.com
Cc: linux-ker...@vger.kernel.org, linux-efi@vger.kernel.org,
jwbo...@redhat.com, keesc...@chromium.org
Sent: Wednesday, August 28, 2013 6:41:55 PM
Subject: Re: [PATCH
On Wed, 2013-08-28 at 18:58 -0400, Lenny Szubowicz wrote:
I'm root. So I can write anything I want to the swap file that looks
like a valid hibernate image but is code of my choosing. I can read
anything I need from /dev/mem or /dev/kmem to help me do that.
I can then immediately initiate a
On Wed, Aug 28, 2013 at 3:58 PM, Lenny Szubowicz lszub...@redhat.com wrote:
- Original Message -
From: Matthew Garrett matthew.garr...@nebula.com
To: Lenny Szubowicz lszub...@redhat.com
Cc: linux-ker...@vger.kernel.org, linux-efi@vger.kernel.org,
jwbo...@redhat.com,
On Wed, 2013-08-28 at 16:07 -0700, Kees Cook wrote:
Strictly speaking, RAM contents are not available via /dev/*mem, even
to root. However, you can request a suspend image be written, but to
not enter hibernation. Then modify the image, and request a resume
from it.
Is that true? Oh, hm - I