[PATCH 0/3] [V4] Add support for GPG signature enforcement on booted
Nayna
nayna at linux.vnet.ibm.com
Wed Aug 17 19:40:10 AEST 2016
Thanks Timothy for the quick response!!
Another basic question, mainly to understand..
So, I understand that kernel/initramfs integrity is important, and
signing is required, but what drives the need for encrypted
kernel/initramfs?
What confidential information is possible via vmlinux?
Thanks & Regards,
- Nayna
On 08/15/2016 10:16 PM, Timothy Pearson wrote:
> On 08/14/2016 01:51 AM, Nayna Jain wrote:
>> Have you looked at some of the secure kexec function going on ?
>>
>> Thanks & Regards,
>> Nayna
>
> The signed kexec feature of the kernel was not sufficient for our
> applications. In particular, there is no provision to encrypt the
> kernel and initramfs with that mechanism.
>
> --
> Timothy Pearson
> Raptor Engineering
> +1 (415) 727-8645 (direct line)
> +1 (512) 690-0200 (switchboard)
> https://www.raptorengineering.com