http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2014%2FAbstracts%2FCook_2 2026-04-20T14:52:28Z Revision history for this page on the wiki MediaWiki 1.36.1 http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2014/Abstracts/Cook_2&diff=3509&oldid=prev 2014-07-15T16:31:15Z

<p>New page: == Title == Trusted Kernel Lock-down Patch Series (discussion) == Presenter == Kees Cook, Google == Abstract == There is a need to lock down access to raw kernel memory and devices wh...</p> <p><b>New page</b></p><div>== Title ==<br /> <br /> Trusted Kernel Lock-down Patch Series (discussion)<br /> <br /> == Presenter ==<br /> <br /> Kees Cook, Google<br /> <br /> == Abstract ==<br /> <br /> There is a need to lock down access to raw kernel memory and devices when<br /> running under certain conditions. UEFI Secure Boot, or Chrome OS Verified<br /> Boot, among other situations, wants to be sure that userspace (even<br /> privileged users) cannot change the running kernel.<br /> <br /> A patch series that implements this was written (and rewritten) by Matthew<br /> Garrett, but it has been bike-shed to death. We will discuss ways for this<br /> series to move forward, and document the prior objections and rebuttals<br /> so that future discussion can avoid resolved issues without distracting<br /> from progress.</div>

JamesMorris