Re: [RFC 0/3] extend kexec_file_load system call
From: Dave Young <hidden>
Date: 2016-07-13 08:37:00
Also in:
kexec, linux-arm-kernel, lkml
From: Dave Young <hidden>
Date: 2016-07-13 08:37:00
Also in:
kexec, linux-arm-kernel, lkml
[snip]
Now, going back to the more fundamental issue raised in my first reply, about the kernel command line. On x86, I can see that it _is_ possible for userspace to specify a command line, and the kernel loading the image provides the command line to the to-be-kexeced kernel with very little checking. So, if your kernel is signed, what stops the "insecure userspace" loading a signed kernel but giving it an insecure rootfs and/or console?
The kexec_file_load syscall was introduced for secure boot in the first place. In case UEFI secure boot the signature verification chain only covers kernel mode binaries. I think there is such problem in both normal boot and kexec boot. Thanks Dave