[Ksummit-discuss] [TECH TOPIC] Kernel lockdown and secure boot
David Howells
dhowells at redhat.com
Wed Sep 5 20:14:54 UTC 2018
Justin Forbes <jmforbes at linuxtx.org> wrote:
> Lockdown is a config option on it's own, just also add a separate
> config option option to enable lockdown on UEFI secure boot.
The patchset has that already (CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT).
One of the issues appears to be that we're making it boot-time conditional at
all. If I understand him correctly, Linus seems to want us to make everything
locked down at compile time or not at all.
David
More information about the Ksummit-discuss
mailing list