[GIT PULL] Kernel lockdown for secure boot

Linus Torvalds torvalds at linux-foundation.org
Tue Apr 3 23:58:55 UTC 2018

On Tue, Apr 3, 2018 at 4:56 PM, David Howells <dhowells at redhat.com> wrote:
> Most users haven't even given this a moment's thought, aren't even aware of
> the issues, don't even know to ask and, for them, it makes no difference.
> They trust their distribution to deal with stuff they don't know about.


Like perhaps trusting the distribution to just enable all those
security measures _regaredless_ of whether they booted in using secure
boot or not?


If lockdown breaks something, the distro would need to fix it
regardless of secure boot.

So why is the enablement dependent on it again?

I'm not arguing "lockdown shouldn't be on".

I'm arguing "lockdown being on or off has _nothing_ to do with whether
the machine was booted in EFI mode with secure boot or not".

You don't seem to get it.

To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the Linux-security-module-archive mailing list