On Tue, Apr 03, 2018 at 09:08:54PM +0000, Matthew Garrett wrote: > > The fact is, some hardware pushes secure boot pretty hard. That has > > *nothing* to do with some "lockdown" mode. > > Secure Boot ensures that the firmware will only load signed bootloaders. If > a signed bootloader loads a kernel that's effectively an unsigned > bootloader, there's no point in using Secure Boot - you should just turn it > off instead, because it's not giving you any meaningful security. Andy's > example gives a scenario where by constraining your *userland* sufficiently > you can get close to having the same guarantees, but that involves you > having a read-only filesystem and takes you even further away from having a > general purpose computer. > > If you don't want Secure Boot, turn it off. If you want Secure Boot, use a > kernel that behaves in a way that actually increases your security. That assumes you *can* turn that shit off. On the hardware where manufacturer has installed firmware that doesn't allow that SB is a misfeature that has to be worked around. Making that harder might improve the value of SB to said manufacturers, but what's the benefit for everybody else? -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
