memfd_secret() in 5.14

Posted Aug 10, 2021 1:51 UTC (Tue) by pabs (subscriber, #43278)
In reply to: memfd_secret() in 5.14 by calumapplepie
Parent article: memfd_secret() in 5.14

Hmm, I wonder how the kernel knows the hibernation image is trustworthy. Normally that requires a trust chain from Microsoft to the thing being loaded, but with hibernation there can be none since only code running on the machine can sign the hibernation image.


memfd_secret() in 5.14

Posted Aug 10, 2021 8:59 UTC (Tue) by NYKevin (subscriber, #129325)

Secure boot checks the signature on the thing that receives control from UEFI (e.g. GRUB). It doesn't know or care about the fact that GRUB hands control over to the Linux kernel, much less what RAM image the Linux kernel subsequently decides to load up.

Otherwise, this chain of attestation would never end. You'd have to sign the kernel, and systemd, and GNOME, and Firefox, and...

