Re: [PATCH 07/24] kexec: Disable at runtime if the kernel is locked down

2017-04-06 Thread Dave Young
On 04/05/17 at 09:15pm, David Howells wrote:
> From: Matthew Garrett
>
> kexec permits the loading and execution of arbitrary code in ring 0, which
> is something that lock-down is meant to prevent. It makes sense to disable
> kexec in this situation.
>
> This does not affect kexec_file_load()

[PATCH 07/24] kexec: Disable at runtime if the kernel is locked down

2017-04-05 Thread David Howells
From: Matthew Garrett

kexec permits the loading and execution of arbitrary code in ring 0, which is something that lock-down is meant to prevent. It makes sense to disable kexec in this situation.

This does not affect kexec_file_load() which can check for a signature on the image to be booted.
