[GIT PULL] Kernel lockdown for secure boot

Andy Lutomirski luto at kernel.org
Tue Apr 3 19:01:08 UTC 2018


> On Apr 3, 2018, at 10:16 AM, David Howells <dhowells at redhat.com> wrote:
>
> Andy Lutomirski <luto at kernel.org> wrote:
>
>>> A kernel that allows users arbitrary access to ring 0 is just an
>>> overfeatured bootloader. Why would you want secure boot in that case?
>>
>> To get a chain of trust.
>
> You don't have a chain of trust that you can trust in that case.
>

Please elaborate on why I can’t trust it. Please also elaborate on how
lockdown helps at all.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list