[PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

David Howells dhowells at redhat.com
Thu Nov 2 17:00:08 UTC 2017


Mimi Zohar <zohar at linux.vnet.ibm.com> wrote:

> At some point, we'll want to also require the initramfs be signed as well.

That could be tricky.  In Fedora, at least, that's assembled on the fly to
include just the drivers you need to be able to mount your root fs and find
the rest of your modules.  (Unless you mean just for the installer)

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list