On Tue, Apr 3, 2018 at 2:01 PM Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > On Tue, Apr 3, 2018 at 1:54 PM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote: > > > >> .. maybe you don't *want* secure boot, but it's been pushed in your > >> face by people with an agenda? > > > > Then turn it off, or build a self-signed kernel that doesn't do this? > Umm. So you asked a question, and then when you got an answer you said > "don't do that then". > The fact is, some hardware pushes secure boot pretty hard. That has > *nothing* to do with some "lockdown" mode. Secure Boot ensures that the firmware will only load signed bootloaders. If a signed bootloader loads a kernel that's effectively an unsigned bootloader, there's no point in using Secure Boot - you should just turn it off instead, because it's not giving you any meaningful security. Andy's example gives a scenario where by constraining your *userland* sufficiently you can get close to having the same guarantees, but that involves you having a read-only filesystem and takes you even further away from having a general purpose computer. If you don't want Secure Boot, turn it off. If you want Secure Boot, use a kernel that behaves in a way that actually increases your security. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
