On Mon, 2013-09-09 at 11:25 -0700, David Lang wrote:
> Given that we know that people want signed binaries without blocking kexec, you
> should have '1' just enforce module signing and '2' (or higher) implement a full
> lockdown including kexec.
There's already a kernel option for that.
--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
��.n��������+%������w��{.n�����{����* jg���
�����ݢj����G����
���j:+v���w�m������w�������h�����٥
