vaseboot

History

Matthew Garrett 57b4382f0c Fix race in EFI validation The Secure Boot code currently reads the kernel from disk, validates the signature and then reads it from disk again. A sufficiently exciting storage device could modify the kernel between these two events and trigger the execution of an untrusted kernel. Avoid re-reading it in order to ensure this isn't a problem, and in the process speed up boot by not reading the kernel twice.	2018-03-29 22:18:53 -04:00
..
linux.c	Fix race in EFI validation	2018-03-29 22:18:53 -04:00

Matthew Garrett 57b4382f0c Fix race in EFI validation

The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.

2018-03-29 22:18:53 -04:00

linux.c

Fix race in EFI validation

2018-03-29 22:18:53 -04:00