On Fri, 22 Nov 2013, Vivek Goyal wrote: > > OTOH, does this feature make any sense whatsover on architectures that > > don't support secure boot anyway? > > I guess if signed modules makes sense, then being able to kexec signed > kernel images should make sense too, in general. Well, that's really a grey zone, I'd say. In a non-secureboot environment, if you are root, you are able to issue reboot into a completely different, self-made kernel anyway, independent on whether signed modules are used or not. -- Jiri Kosina SUSE Labs
