> On Apr 3, 2018, at 10:16 AM, David Howells <dhowells@xxxxxxxxxx> wrote: > > Andy Lutomirski <luto@xxxxxxxxxx> wrote: > >>> A kernel that allows users arbitrary access to ring 0 is just an >>> overfeatured bootloader. Why would you want secure boot in that case? >> >> To get a chain of trust. > > You don't have a chain of trust that you can trust in that case. > Please elaborate on why I can’t trust it. Please also elaborate on how lockdown helps at all. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
