[PATCH v2] x86/ima: require signed kernel modules
Matthew Garrett
mjg59 at google.com
Thu Mar 7 22:45:49 UTC 2019
On Thu, Mar 7, 2019 at 2:41 PM Mimi Zohar <zohar at linux.ibm.com> wrote:
> On Thu, 2019-03-07 at 14:36 -0800, Matthew Garrett wrote:
> > Right, but how is this different to what Linus was objecting to?
>
> Both Andy Lutomirski and Linus objected to limiting the "lockdown"
> patch set to secure boot enabled systems.
No, Linus objected to it being automatically enabled when secure boot
was enabled. It was always possible to enable it at boot on any
platform.
More information about the Linux-security-module-archive
mailing list