From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932200AbbFSISe (ORCPT ); Fri, 19 Jun 2015 04:18:34 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50008 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753557AbbFSIS0 (ORCPT ); Fri, 19 Jun 2015 04:18:26 -0400 Date: Fri, 19 Jun 2015 16:18:16 +0800 From: Dave Young To: Vivek Goyal Cc: "Eric W. Biederman" , Josh Boyer , "Theodore Ts'o" , Petr Tesarik , kexec , "Linux-Kernel@Vger. Kernel. Org" , David Howells Subject: Re: kexec_load(2) bypasses signature verification Message-ID: <20150619081816.GK4636@dhcp-128-32.nay.redhat.com> References: <20150615200115.GG5003@thunk.org> <87zj3zigug.fsf@x220.int.ebiederm.org> <20150616202757.GB14943@redhat.com> <87y4jjglvu.fsf@x220.int.ebiederm.org> <20150617014737.GB30214@redhat.com> <20150618011629.GA8718@dhcp-128-32.nay.redhat.com> <20150618020209.GA8390@dhcp-128-32.nay.redhat.com> <20150618133044.GA1040@redhat.com> <20150619062140.GH4636@dhcp-128-32.nay.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150619062140.GH4636@dhcp-128-32.nay.redhat.com> User-Agent: Mutt/1.5.22.1-rc1 (2013-10-16) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > If we want to disable unsigned kernel loading at compile time, then we > > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC. > > Introducing another config option is not the way forward, IMHO. > > Yes, let's do it in this way since everyone is fine with it. I will work on a patch if nobody else have interest or no time on it. Thanks Dave From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mx1.redhat.com ([209.132.183.28]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1Z5rVg-0002HC-C4 for kexec@lists.infradead.org; Fri, 19 Jun 2015 08:18:48 +0000 Date: Fri, 19 Jun 2015 16:18:16 +0800 From: Dave Young Subject: Re: kexec_load(2) bypasses signature verification Message-ID: <20150619081816.GK4636@dhcp-128-32.nay.redhat.com> References: <20150615200115.GG5003@thunk.org> <87zj3zigug.fsf@x220.int.ebiederm.org> <20150616202757.GB14943@redhat.com> <87y4jjglvu.fsf@x220.int.ebiederm.org> <20150617014737.GB30214@redhat.com> <20150618011629.GA8718@dhcp-128-32.nay.redhat.com> <20150618020209.GA8390@dhcp-128-32.nay.redhat.com> <20150618133044.GA1040@redhat.com> <20150619062140.GH4636@dhcp-128-32.nay.redhat.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20150619062140.GH4636@dhcp-128-32.nay.redhat.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: Vivek Goyal Cc: Josh Boyer , Theodore Ts'o , kexec , Petr Tesarik , "Linux-Kernel@Vger. Kernel. Org" , David Howells , "Eric W. Biederman" > > If we want to disable unsigned kernel loading at compile time, then we > > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC. > > Introducing another config option is not the way forward, IMHO. > > Yes, let's do it in this way since everyone is fine with it. I will work on a patch if nobody else have interest or no time on it. Thanks Dave _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec