Re: [GIT PULL] Kernel lockdown for secure boot

From: David Howells
Date: Tue Apr 03 2018 - 13:16:15 EST

Next message: Jon Maloy: "RE: general protection fault in tipc_nametbl_unsubscribe"
Previous message: Manivannan Sadhasivam: "Re: [PATCH v6 3/9] pinctrl: actions: Add Actions S900 pinctrl driver"
In reply to: Peter Dolding: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andy Lutomirski <luto@xxxxxxxxxx> wrote:

> > A kernel that allows users arbitrary access to ring 0 is just an
> > overfeatured bootloader. Why would you want secure boot in that case?
>
> To get a chain of trust.

You don't have a chain of trust that you can trust in that case.

David

Next message: Jon Maloy: "RE: general protection fault in tipc_nametbl_unsubscribe"
Previous message: Manivannan Sadhasivam: "Re: [PATCH v6 3/9] pinctrl: actions: Add Actions S900 pinctrl driver"
In reply to: Peter Dolding: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]