Re: [PATCH v2] x86/ima: require signed kernel modules

From: Matthew Garrett
Date: Thu Mar 07 2019 - 17:46:05 EST

Next message: Mimi Zohar: "Re: [PATCH 3/3] x86/ima: retry detecting secure boot mode"
Previous message: Matthew Garrett: "Re: [PATCH 3/3] x86/ima: retry detecting secure boot mode"
In reply to: Mimi Zohar: "Re: [PATCH v2] x86/ima: require signed kernel modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 7, 2019 at 2:41 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> On Thu, 2019-03-07 at 14:36 -0800, Matthew Garrett wrote:
> > Right, but how is this different to what Linus was objecting to?
>
> Both Andy Lutomirski and Linus objected to limiting the "lockdown"
> patch set to secure boot enabled systems.

No, Linus objected to it being automatically enabled when secure boot
was enabled. It was always possible to enable it at boot on any
platform.

Next message: Mimi Zohar: "Re: [PATCH 3/3] x86/ima: retry detecting secure boot mode"
Previous message: Matthew Garrett: "Re: [PATCH 3/3] x86/ima: retry detecting secure boot mode"
In reply to: Mimi Zohar: "Re: [PATCH v2] x86/ima: require signed kernel modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]