On Wed, 2013-09-04 at 14:09 -0600, jerry.hoemann@xxxxxx wrote: > On Tue, Sep 03, 2013 at 07:50:15PM -0400, Matthew Garrett wrote: > > kexec permits the loading and execution of arbitrary code in ring 0, which > > is something that module signing enforcement is meant to prevent. It makes > > sense to disable kexec in this situation. > > > > Signed-off-by: Matthew Garrett <matthew.garrett@xxxxxxxxxx> > > > Matthew, > > Disabling kexec will disable kdump, correct? Yes. > Are there plans to enable kdump on a system where secure > boot is enabled? Yes, Vivek Goyal (cc:ed) is working on that. -- Matthew Garrett <matthew.garrett@xxxxxxxxxx> ��.n��������+%������w��{.n�����{����*jg��������ݢj����G�������j:+v���w�m������w�������h�����٥