Re: [GIT PULL] Kernel lockdown for secure boot

From: Andy Lutomirski
Date: Tue Apr 03 2018 - 15:01:41 EST

Next message: Heinrich Schuchardt: "[BUG] checkpatch.pl: false positive: space prohibited before open square bracket"
Previous message: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
In reply to: David Howells: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: David Howells: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Apr 3, 2018, at 10:16 AM, David Howells <dhowells@xxxxxxxxxx> wrote:
>
> Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
>>> A kernel that allows users arbitrary access to ring 0 is just an
>>> overfeatured bootloader. Why would you want secure boot in that case?
>>
>> To get a chain of trust.
>
> You don't have a chain of trust that you can trust in that case.
>

Please elaborate on why I canât trust it. Please also elaborate on how
lockdown helps at all.

Next message: Heinrich Schuchardt: "[BUG] checkpatch.pl: false positive: space prohibited before open square bracket"
Previous message: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
In reply to: David Howells: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: David Howells: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]