Linux Security Summit 2014/Abstracts/Cook 2
Revision as of 16:31, 15 July 2014 by JamesMorris
Title
Trusted Kernel Lock-down Patch Series (discussion)
Presenter
Kees Cook, Google
Abstract
There is a need to lock down access to raw kernel memory and devices when running under certain conditions. Environments such as UEFI Secure Boot or Chrome OS Verified Boot, among other situations, need to be sure that userspace (even privileged users) cannot change the running kernel.
A patch series that implements this was written (and rewritten) by Matthew Garrett, but it has been bike-shed to death. We will discuss ways for this series to move forward, and document the prior objections and rebuttals so that future discussion can avoid resolved issues without distracting from progress.