On Wed, 4 Apr 2018, Peter Jones wrote: > That is to say, as a result of the way malware has been written, our way > of thinking about it is often that it's a way to build a boot loader for > a malicious kernel, so that's how we wind up talking about it. Are we > concerned with malware stealing your data? Yes, but Secure Boot is only > indirectly about that. It's primarily about denying the malware easy > mechanisms to build a persistence mechanism. The uid-0 != ring-0 aspect > is useful independent of Secure Boot, but Secure Boot without it falls > way short of accomplishing its goal. I think we can all agree that The uid-0 != ring-0 aspect is useful independent of Secure Boot There is probably resonable consensus about the second part of this sentence as well: but Secure Boot without it falls way short of accomplishing its goal. Now where the disagreement lies is the way how the uid/ring0 aspect is tied to secure boot, which makes it impossible to be useful independent of Secure Boot. So the real question is, how can we make 'lockdown' usable and useful without Secure Boot and at the same time not violate the constraints of the Secure Boot scenario. If we can agree on the above then I hope that we can focus on the technical problems instead of arguing in circles. Thanks, tglx -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
