Great talk, thank you-- So back to the kernel command line stuff--- if I want to modify the kernel command line, say I'm testing different flags for graphics drivers or whatever, how do I do this easily? I get the feeling I can't just type `e` and edit it live the way I can with grub? Is it tons of overhead to have to build this addon "mule" image each time I want to try something out?
@SmackMyKeyboard 1 year ago
From the systemd-stub doc: If UEFI SecureBoot is enabled and the ".cmdline" section is present in the executed image, any attempts to override the kernel command line by passing one as invocation parameters to the EFI binary are ignored. Thus, in order to allow overriding the kernel command line, either disable UEFI SecureBoot, or don't include a kernel command line PE section in the kernel image file. When loading a UKI from a bootloader you can still pass the cmdline as an argument as you would when loading a kernel, however the passed cmdline may be ignored.
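The rule quoted from the systemd-stub documentation above, as an added example (not part of the original comments and not systemd's own code): a small PE section-table parser that reports whether a UKI embeds a `.cmdline` section, and so whether a command line passed at invocation would be honored. The function names and the sample image bytes are constructed for illustration, and the Secure Boot state is passed in as a parameter rather than read from firmware.

```python
import struct

def pe_sections(image: bytes) -> dict:
    """Return {section name: raw bytes} for a PE/COFF image such as a UKI."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    found = {}
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        size = min(vsize, raw_size) if vsize else raw_size  # drop file-alignment padding
        found[name.rstrip(b"\0").decode("ascii", "replace")] = image[raw_ptr:raw_ptr + size]
    return found

def cmdline_override_honored(image: bytes, secure_boot: bool) -> bool:
    """Rule quoted above: ignored only when Secure Boot is on AND .cmdline exists."""
    return not (secure_boot and ".cmdline" in pe_sections(image))

def constructed_uki(cmdline=None) -> bytes:
    """Constructed PE-shaped sample (not bootable): .linux plus optional .cmdline."""
    parts = [(b".linux", b"\0" * 16)]
    if cmdline is not None:
        parts.append((b".cmdline", cmdline))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # PE header right after DOS stub
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(parts), 0, 0, 0, 0, 0)
    data_off = 0x40 + len(coff) + 40 * len(parts)
    table = blob = b""
    for name, body in parts:
        table += struct.pack("<8sIIIIIIHHI", name, len(body), 0, len(body),
                             data_off + len(blob), 0, 0, 0, 0, 0)
        blob += body
    return bytes(dos) + coff + table + blob

if __name__ == "__main__":
    for label, img in (("with .cmdline", constructed_uki(b"root=/dev/vda2 quiet")),
                       ("without .cmdline", constructed_uki())):
        for sb in (True, False):
            print(f"{label:17} secure_boot={sb!s:5} override honored: "
                  f"{cmdline_override_honored(img, sb)}")
```

Pointing `pe_sections` at the bytes of a real UKI file shows the embedded command line directly, which is the quickest way to tell which of the two cases a given image falls into.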
@UshbyDevOps-dp8pn 1 year ago
❤
@elalemanpaisa 5 months ago
So you drop into a rescue shell and ask the TPM for the secrets; as it's the authorized image, the TPM gets chatty
@SmackMyKeyboard 2 months ago
IIRC then the hash of the cmdline is also measured into one of the PCRs, meaning that the state of the cmdline can also be tied to the secrets.