> > Well, given that approximately everyone will be booting under EFI within > > 18 months, treating it as a niche case seems a little short sighted. Actually the majority of Linux devices are not PCs 8) > > secondly, there are already several non-EFI platforms that want to enact > > a policy preventing root from being able to arbitrarily replace the > > kernel. Given that people are doing this in the wild, it makes sense to > > move towards offering that policy in the mainline kernel. > > Either this code makes sense without an appeal to EFI or this code makes > no sense. Yes - and the capability is I think the right starting point (although you'll never make any OS locked down this way even if you are not in fact violating the GPLv2 license by doing so, which I suspect will be the case for some implementations) > So please rework this to come from an angle that makes sense all by > itself. I think it needs to be defined in terms of what the capability is supposed to guarantee. I have a feeling Matthew has a pretty clear idea about that in his head so can nail it fairly precisely ? Alan -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
