On 08/29/2015 03:11 PM, Gordon Messmer wrote: >> > > Secure Boot is an effective mitigation against some features of root > kits, and really should be enabled everywhere possible. > > Under Secure Boot, the firmware will not load a boot loader if it has > been tampered with, which will not load a kernel that has been > tampered, which will not load modules that have been tampered. With > that chain of protection, it becomes very difficult for a root kit to > modify the kernel to fully hide its sockets, processes, and files, > which is a common feature of root kits on systems which do not offer > such protection. I will try turning on secure-boot next time I reboot, to see if I can boot with it turned on.. define "tampered with".. what if you run grub2-mkconfig.. that tampers with it... -- Paul Cartwright Registered Linux User #367800 and new counter #561587 -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
