lanzaboote/rust
Alois Wohlschlager 081714cab9
Pass the built-in cmdline to the kernel
Do not pass our own cmdline on to the kernel. It may have been set by a
malicious boot loader specification entry, and could instruct the
kernel to load an arbitrary unprotected initrd (or perform some other
fun stuff). Instead, always pass the command line built into the UKI,
which is properly authenticated.
2023-01-31 18:32:13 +01:00
..
stub Pass the built-in cmdline to the kernel 2023-01-31 18:32:13 +01:00
tool Do not sign the kernel 2023-01-31 18:25:27 +01:00