Kernel drivers and IOCTLs

Valdis Kl=?utf-8?Q?=c4=93?=tnieks valdis.kletnieks at
Tue Feb 4 23:01:03 EST 2020

On Tue, 04 Feb 2020 20:57:24 -0600, WyoFlippa said:

> I'm actually happy with the existing boot schemes. In this case, the
> driver is going to validate a signed image (U-Boot or Linux) before it
> is programmed into the flash memory. Although the image is validated
> when booting, it is one additional check to avoid surprises.

Is there a reason you're trying to do it from a driver rather than from userspace?

Under what realistic conditions will the kernel be trustable to do the validation
while userspace isn't? What's the threat model here - in other words, what
attack(s) are you trying to stop?  (This is a lot trickier than it looks - over the
decades, I've seen plenty of "Let's do this cargo-cult thing to stop attack X",
while overlooking the fact that any attacker who can do X can equally easily
do Y and still pwn the entire box.....)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <>

More information about the Kernelnewbies mailing list