An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)
James Morris
jmorris at namei.org
Wed Apr 4 23:25:19 UTC 2018
On Wed, 4 Apr 2018, David Howells wrote:
> > 6. There's a way to *decrease* the lockdown level below the configured
> > value. (This ability itself may be gated by a config option.)
> > Choices include a UEFI protected variable,
>
> By turning secure boot off, maybe?
It's surely reasonable to allow an already secure-booted system to be
debugged without needing to be rebooted.
- James
--
James Morris
<jmorris at namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list