On Mon, Feb 25, 2013 at 06:27:37PM +0300, Dan Carpenter wrote:
> On Mon, Feb 25, 2013 at 06:30:23AM -0800, Greg KH wrote:
> > On Mon, Feb 25, 2013 at 01:16:27PM +0300, Dan Carpenter wrote:
> > > Even though I said it wasn't a security bug, what I should have
> > > said as well is that in the new trusted computing model it actually
> > > is a security problem. Root is only allowed to do whatever it wants
> > > unless secure boot is disabled in the BIOS.
> >
> > What? Who has defined such a "model" for Linux? You aren't thinking
> > about "UEFI secure boot" here, are you? Or is this something else?
>
> Yes. With UEFI secure boot vendors don't want root to be able to
> load unsigned modules or be able to corrupt memory. Before, if it
> was root only, then it was still a bug, but not a big deal.

Note, that has NOTHING to do with UEFI, either the spec, or the current
key-signing authority. This is merely something that _some_ vendors
wish to do because of various reasons, none of them having anything to
do with "trusted computing" or anything like that.

And some vendors have been preventing non-signed kernel modules from
being loaded for many years now, again, that doesn't have anything to do
with "trusted computing", but rather, it was a support issue.

thanks,

greg k-h