On 09/09/2013 09:30 AM, Matthew Garrett wrote: > On Mon, 2013-09-09 at 09:27 -0700, H. Peter Anvin wrote: > >> This will break or have to be redefined once you have signed kexec. > > Yeah. I wasn't really sure how to define it based on an implementation > that isn't there yet - saying "kexec_load() of untrusted binaries" > implies that there's some way to do it for trusted binaries. > However, this is the fundamental problem with securelevel: it assumes there is not only a strict ordering between things to be secured, but also that specific rings will remain the meaningful levels forever. Neither of this tend to be true long time... which leads one back to capabilities. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html