Vivek Goyal writes:
> Hi,
>
> This is a very crude RFC for ELF executable signing and verification. This
> has been done along the lines of module signature verification.
Yes, but I'm the first to admit that's the wrong lines.
The reasons we didn't choose that for module signatures:
1) I was una
On Thu, Jan 17, 2013 at 06:22:47PM +0200, Kasatkin, Dmitry wrote:
[..]
> > Currently it is expected to use these patches only for statically linked
> > executables. No dynamic linking. In fact patches specifically disable
> > calling interpreter. This does not prevent against somebody using dlopen
On Tue, Jan 15, 2013 at 11:34 PM, Vivek Goyal wrote:
> Hi,
>
> This is a very crude RFC for ELF executable signing and verification. This
> has been done along the lines of module signature verification.
>
> Why do we need it
> =
> With arrival of secureboot, sys_kexec() is deemed
On Wed, Jan 16, 2013 at 12:15 AM, Vivek Goyal wrote:
> On Tue, Jan 15, 2013 at 11:27:12PM +0100, richard -rw- weinberger wrote:
>> On Tue, Jan 15, 2013 at 10:34 PM, Vivek Goyal wrote:
>> > Upon exec(), we determine if executable is signed. If it is, then locks
>> > down the pages in memory (using
On Tue, Jan 15, 2013 at 11:27:12PM +0100, richard -rw- weinberger wrote:
> On Tue, Jan 15, 2013 at 10:34 PM, Vivek Goyal wrote:
> > Upon exec(), we determine if executable is signed. If it is, then locks
> > down the pages in memory (using MAP_LOCKED) and verifies the signature.
> > If signature do
On Tue, Jan 15, 2013 at 10:34 PM, Vivek Goyal wrote:
> Upon exec(), we determine if executable is signed. If it is, then locks
> down the pages in memory (using MAP_LOCKED) and verifies the signature.
> If signature does not match, process is killed. Unsigned processes
> don't get affected at all.
Hi,
This is a very crude RFC for ELF executable signing and verification. This
has been done along the lines of module signature verification.
Why do we need it
=
With arrival of secureboot, sys_kexec() is deemed dangerous. One can
effectively bypass the secureboot feature and run