Re: [PATCH 00/12] One more attempt at useful kernel lockdown

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2013-09-09 at 13:18 -0400, Valdis.Kletnieks@xxxxxx wrote:

> You may as well bite the bullet on this one, and tie it together.  Without
> Secure Boot, by the time your code runs it's already too late.  That's the
> whole point of Secure Boot, after all.

It's already been made clear that nobody's interested in merging a
solution that's specific to Secure Boot. I can add a command line option
to set a default, and then anyone using an attesting bootloader
(TPM/TXT) can verify the state.

-- 
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
��.n��������+%������w��{.n�����{����*jg��������ݢj����G�������j:+v���w�m������w�������h�����٥





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux