On Tue, Apr 3, 2018 at 1:53 PM Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > On Tue, Apr 3, 2018 at 9:29 AM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote: > > On Tue, Apr 3, 2018 at 8:11 AM Andy Lutomirski <luto@xxxxxxxxxx> wrote: > >> Can you explain that much more clearly? I'm asking why booting via > >> UEFI Secure Boot should enable lockdown, and I don't see what this has > >> to do with kexec. And "someone blacklist[ing] your key in the > >> bootloader" sounds like a political issue, not a technical issue. > > > > A kernel that allows users arbitrary access to ring 0 is just an > > overfeatured bootloader. Why would you want secure boot in that case? > .. maybe you don't *want* secure boot, but it's been pushed in your > face by people with an agenda? Then turn it off, or build a self-signed kernel that doesn't do this? -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
