On Wed, 2013-03-20 at 12:41 -0400, Mimi Zohar wrote:
> Matthrew, perhaps you could clarify whether this will be tied to MAC
> security. Based on the kexec thread, I'm under the impression that is
> not the intention, or at least not for kexec. As root isn't trusted,
> neither is the boot command line, nor any policy that is loaded by root,
> including those for MAC.
The work done on signed initramfs fragments would seem to be the best
option here so far?
--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
��.n��������+%�������w��{.n�����{���"�)���jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
