[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation

To: "H. Peter Anvin" <hpa@xxxxxxxxx>
From: Vivek Goyal <vgoyal@xxxxxxxxxx>
Date: Fri, 11 Jan 2013 15:43:18 -0500
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Daniel Kiper <daniel.kiper@xxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "kexec@xxxxxxxxxxxxxxxxxxx" <kexec@xxxxxxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx" <virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, "maxim.uvarov@xxxxxxxxxx" <maxim.uvarov@xxxxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Delivery-date: Fri, 11 Jan 2013 20:44:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, Jan 11, 2013 at 12:26:48PM -0800, H. Peter Anvin wrote:
> >
> >And there is nothing fancy to be done for EFI and SecureBoot? Or is
> >that something that the kernel has to handle on its own (so somehow
> >passing some certificates to somewhere).
> >
> 
> For EFI, no... other than passing the EFI parameters, which
> apparently is *not* currently done (David Woodhouse is working on
> it.)  Secure boot is still a work in progress.

For secureboot, as a first step in that direction, I just wrote some code
to sign elf executable and be able to verify it in kernel upon exec(). I
am soon planning to post RFC code (most likely next week).

Hopefully we will be able to sign statically signed /sbin/kexec, give
it extra capability (upon signature verification) to be able to call
sys_exec().

Thanks
Vivek

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Daniel Kiper
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Daniel Kiper
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Daniel Kiper
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Eric W. Biederman
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
  - From: H. Peter Anvin

Prev by Date: Re: [Xen-devel] S3 resume issues
Next by Date: Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
Previous by thread: Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
Next by thread: Re: [Xen-devel] [PATCH v3 00/11] xen: Initial kexec/kdump implementation
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.