[PATCH 01/24] Add the ability to lock down access to the running kernel image
Linus Torvalds
torvalds at linux-foundation.org
Thu Apr 12 16:52:54 UTC 2018
On Thu, Apr 12, 2018 at 6:09 AM, Justin Forbes <jmforbes at linuxtx.org> wrote:
> On Wed, Apr 11, 2018, 5:38 PM Linus Torvalds
> <torvalds at linux-foundation.org> wrote:
>>
>> So it's really the whole claim that distributions have been running
>> for this for the last five years that I wonder about, and how often
>> people end up being told: "just disable secure boot":.
>
> Very rarely in my experience.
Good. Do you have a handle on the reasons?
Because I'm assuming it's not /dev/{mem,kmem,port}? Because I'd really
be happier if we just say "those are legacy, don't enable them at all
for modern distros".
That way they'd _stay_ disabled even if somebody cannot handle the
other limitations, like DMA etc.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list