What | Removed | Added |
---|---|---|
CC | jbohac@suse.com, ptesarik@suse.com | |
Assignee | kernel-maintainers@forge.provo.novell.com | ptesarik@suse.com |
On a deeply technical level, there are two syscalls for loading a panic kernel: 1. kexec_load() - the older API, where most work is done in user space 2. kexec_file_load() - the newer API, where most work is done by the kernel Only the latter syscall allows signature verification (required e.g. when Secure Boot is active). It seems that the panic kernel now requires signature verification, but for some reason it is not attempted. I'll have to look into this in more detail.