On Tue, Apr 3, 2018 at 4:59 PM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote:
>
> Ok. So we can build distribution kernels that *always* have this on, and to
> turn it off you have to disable Secure Boot and install a different kernel.
Bingo.
Exactly like EVERY OTHER KERNEL CONFIG OPTION.
Just like all the ones that I've mentioned several times.
Or, like a lot of other kernel options, maybe have a way to just
disable it on the kernel command line, and let the user know about it.
That would still be better than disabling secure boot entirely in your
world view, so it's (a) more convenient and (b) better.
Again, in no case does it make sense to tie it into "how did we boot".
Because that's just inconvenient for everybody.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
