[Ksummit-discuss] Last minute nominations: mcgrof and toshi

Mimi Zohar zohar at linux.vnet.ibm.com
Fri Jul 29 17:57:28 UTC 2016


On Fr, 2016-07-29 at 13:43 +0100, Ben Hutchings wrote:
> On Wed, 2016-07-27 at 12:36 -0400, James Bottomley wrote:
> > On Wed, 2016-07-27 at 12:28 -0400, James Bottomley wrote:

> 
> That would seem to open a large hole unless the initramfs can be
> verified as trusted (either by the boot loader or the kernel).

Commit b804def "kexec: replace call to copy_file_from_fd() with kernel
version"  adds support for measuring and verifying the kernel image and
initramfs signatures.

The next step would be to measure and verify file signatures within the
initramfs.  That work was started, but has not been upstreamed yet.

Mimi



More information about the Ksummit-discuss mailing list