[GIT PULL] Kernel lockdown for secure boot
Linus Torvalds
torvalds at linux-foundation.org
Wed Apr 4 00:33:20 UTC 2018
On Tue, Apr 3, 2018 at 5:25 PM, Linus Torvalds
<torvalds at linux-foundation.org> wrote:
>
> Honestly, I don't think the patchset is viable at all in that case.
.. or rather, it's probably viable only for distributions that already
have reasons to only care about controlled hardware environments, ie
Chromebooks etc.
But a chome OS install wouldn't care about the whole "secure boot or
not" issue anyway, because they'd also control that side, an they
might as well just enable it unconditionally.
In contrast, the generic distros can't enable it anyway if it breaks
random hardware. And it wouldn't be about secure boot or not, but
about the random hardware choice.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list