On Wed, 2013-03-20 at 12:41 -0400, Mimi Zohar wrote: > Matthrew, perhaps you could clarify whether this will be tied to MAC > security. Based on the kexec thread, I'm under the impression that is > not the intention, or at least not for kexec. As root isn't trusted, > neither is the boot command line, nor any policy that is loaded by root, > including those for MAC. The work done on signed initramfs fragments would seem to be the best option here so far? -- Matthew Garrett | mjg59@xxxxxxxxxxxxx ��.n��������+%������w��{.n�����{����*jg��������ݢj����G�������j:+v���w�m������w�������h�����٥