[GIT PULL] Kernel lockdown for secure boot
Matthew Garrett
mjg59 at google.com
Tue Apr 3 16:29:48 UTC 2018
On Tue, Apr 3, 2018 at 8:11 AM Andy Lutomirski <luto at kernel.org> wrote:
> Can you explain that much more clearly? I'm asking why booting via
> UEFI Secure Boot should enable lockdown, and I don't see what this has
> to do with kexec. And "someone blacklist[ing] your key in the
> bootloader" sounds like a political issue, not a technical issue.
A kernel that allows users arbitrary access to ring 0 is just an
overfeatured bootloader. Why would you want secure boot in that case?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list