On Wed, 2013-03-20 at 12:41 -0400, Mimi Zohar wrote: > Matthrew, perhaps you could clarify whether this will be tied to MAC > security. Based on the kexec thread, I'm under the impression that is > not the intention, or at least not for kexec. As root isn't trusted, > neither is the boot command line, nor any policy that is loaded by root, > including those for MAC. The work done on signed initramfs fragments would seem to be the best option here so far? -- Matthew Garrett | mjg59 at srcf.ucam.org
