On Wed, Nov 16, 2016 at 3:47 PM, David Howells <dhowells@xxxxxxxxxx> wrote: > > These patches provide a facility by which a variety of avenues by which > userspace can feasibly modify the running kernel image can be locked down. > These include: > Bit surprised to see this. Not that I am opposed to the patches themselves. These were pulled into my tree as the first step towards consolidating the implementation used for secure boot, and I know there is interest in using large parts outside of a secure boot context as well, but there were a few changes to be made after our discussions in Santa Fe. Those are going into http://git.kernel.org/cgit/linux/kernel/git/jforbes/linux.git/log/?h=lockdown I am completely happy to submit those changes as separate patches if people want to take these. They do actually work, and are being shipped and supported by multiple distributions at this point. Justin -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
