[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?

Lauri Kasanen cand at gmx.com
Fri Jul 6 10:50:50 BST 2012


On Thu, 05 Jul 2012 09:21:47 -0700
freebirds at fastmail.fm wrote:

> Gordon Bobic asked: "If you are running a Linux kernel that will only
> load signed modules, how do you propose the perpetrator would 
> inject a custom, unsigned virtualization module into your running kernel
> to leverage virtualization extensions to do something nasty to the 
> running OS?" I do not know.

http://lwn.net/Articles/472651/

I don't claim to be an expert on this topic, but I trust the grsec people, and they have repeatedly claimed that even disabling modules entirely does not prevent someone determined from loading code to the vanilla kernel.

If disabled modules still allows that, then surely signed modules is no better.

- Lauri



More information about the arm-netbook mailing list