[PATCH v2] x86/ima: require signed kernel modules

Matthew Garrett mjg59 at google.com
Thu Mar 7 22:45:49 UTC 2019

On Thu, Mar 7, 2019 at 2:41 PM Mimi Zohar <zohar at linux.ibm.com> wrote:
> On Thu, 2019-03-07 at 14:36 -0800, Matthew Garrett wrote:
> > Right, but how is this different to what Linus was objecting to?
> Both Andy Lutomirski and Linus objected to limiting the "lockdown"
> patch set to secure boot enabled systems.

No, Linus objected to it being automatically enabled when secure boot
was enabled. It was always possible to enable it at boot on any

More information about the Linux-security-module-archive mailing list