[Skiboot] [PATCH] core/fast-reboot: disable fast-reboot when firmware secureboot is enabled

Stewart Smith stewart at flamingspork.com
Wed Apr 15 16:27:19 AEST 2020


> On 14 Apr 2020, at 20:54, Oliver O'Halloran <oohall at gmail.com> wrote:
> 
> On Thu, Apr 9, 2020 at 8:14 AM Eric Richter <erichte at linux.ibm.com> wrote:
>> 
>> The possible impact of the current fast-reboot design on secure/trusted
>> boot is unclear and will likely need additional review and testing.
> 
> Are you really expecting me to hard disable fast reboot on the basis
> of "I don't understand what this does"?
> 
> We looked at it years ago and decided that the interaction with
> firmware secureboot was fine since a fast-reboot is roughlt the same
> as a kexec between host kernels. If you think that's wrong (it might
> be) then provide an actual explanation as to why.

In band reboot can’t ever be trusted anyway (how do you prove it did reboot?), so I don’t see how fast reboot is different.



More information about the Skiboot mailing list