On Wed, Mar 27, 2019 at 8:15 PM James Morris <jmorris@xxxxxxxxx> wrote: > OTOH, this seems like a combination of mechanism and policy. The 3 modes > are a help here, but I wonder if they may be too coarse grained still, > e.g. if someone wants to allow a specific mechanism according to their own > threat model and mitigations. In general the interfaces blocked by these patches could also be blocked with an LSM, and I'd guess that people with more fine-grained requirements would probably take that approach. > Secure boot gives you some assurance of the static state of the system at > boot time, and lockdown is certainly useful (with or without secure boot), > but it's not a complete solution to runtime kernel integrity protection by > any stretch of the imagination. I'm concerned about it being perceived as > such. What do you think the functionality gaps are in terms of ensuring kernel integrity (other than kernel flaws that allow the restrictions to be bypassed)?
