https://github.com/mjg59/linux/commit/1fa28d39024cebb051319c5a15f8f6f2777b8d72 … - when the thing with the comment "This should be called early in the kernel init sequence" can't be called sufficiently early
does that mean you're fine with someone being able to set stuff like "root=" but not some other things?
-
-
Basically, yeah. If you have a built-in initramfs then that gives you the opportunity to have the kernel generate trust in everything afterwards, as long as it's not possible to pass kernel parameters that give you the opportunity to modify the kernel image
-
but essentially this would mean that you can't set kernel config flags anymore, right? even if the user manually sets them in the grub commandline on boot?
- 3 more replies
New conversation -
-
-
taking a step back, your premise is "we get the cmdline from the bootloader, and the bootloader is trusted, but we want the bootloader to be able to load a cmdline from disk that can't be verified and just shove it into the kernel", right?
-
We can't assert that the command line is trusted because there are too many cases where you need to modify parameters
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.