On Tue, Apr 3, 2018 at 4:55 PM Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Tue, Apr 3, 2018 at 4:45 PM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote:
> >> Be honest now. It wasn't generally users who clamored for it.
> >
> > If you ask a user whether they want a system that lets an attacker replace
> > their kernel or one that doesn't, what do you think their answer is likely
> > to be?

> Goddamnit.

> We both know what the answer will be.

> And it will have *nothing* to do with secure boot.

Right, because they care about outcome rather than mechanism. Secure Boot is the mechanism we have to make that outcome possible.

> > Again, what is your proposed mechanism for ensuring that off the shelf
> > systems can be configured in a way that makes this possible?

> If you think lockdown is a good idea, and you enabled it, then IT IS ENABLED.

Ok. So we can build distribution kernels that *always* have this on, and to turn it off you have to disable Secure Boot and install a different kernel. Or we can build distribution kernels that only have this on when you're booting in a context that makes sense, and you can disable it by just disabling Secure Boot (by running mokutil --disable-validation) and not have to install a new kernel. Which outcome do you prefer?