On Tue, 2012-07-17 at 11:33 -0400, Konrad Rzeszutek Wilk wrote:
> > The only thing that comes to my mind is PCI passthrough, as it probably
> > could be thought of as something allowing physical memory accesses... Or is
> > the control Xen/qemu provides over it sufficient? (Again, I think the
> > same could apply to KVM, right?).
> Right, and also kexec for example. There is code loaded from userspace
> binary into the kernel to deal with a crashed kernel. It's called
> purgatory code.
I see.

> What I am not clear on is how far the "chain of trust" needs to go - b/c
> this also would imply module signing - which is right now _not_ in the
> upstream kernel.
It sure does, and in fact, module signing figures in Fedora's (still
draft) plan: http://mjg59.dreamwidth.org/12368.html ("Signed modules
are obviously troubling from a user perspective. We'll be signing all
the drivers that we ship [...]").

The X server is also mentioned there, so I guess qemu (it opens /dev/mem
as root after all, doesn't it?) could be a candidate too? :-O

Thanks and Regards,

<<This happens because I choose it to happen!>> (Raistlin Majere)
Dario Faggioli, Ph.D, http://retis.sssup.it/people/faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)
