Re: [PATCH 00/12] One more attempt at useful kernel lockdown

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/10/2013 04:55 PM, Mimi Zohar wrote:
>>
>> What would the deliverables be from the hardware vendor and what tools
>> would you expect them to need on their end?
> 
> The package installer needs to not only install files, but file metadata
> as well.  Elena Reshetova (Intel) has already added rpm hooks to write
> security xattrs.  The next step, yet to be done, is to include and write
> the signatures as part of the rpm install process.
> 

That's a total non-option.

There needs to be something that can be done even on a Windows box by a
largely untrained release engineer if we're going to have a prayer of
getting this supported.

So, there is your answer why not.

	-hpa


--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux