Re: [GIT PULL] Kernel lockdown for secure boot
From: Linus Torvalds
Date: Tue Apr 03 2018 - 19:59:06 EST
On Tue, Apr 3, 2018 at 4:56 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
=>
> Most users haven't even given this a moment's thought, aren't even aware of
> the issues, don't even know to ask and, for them, it makes no difference.
> They trust their distribution to deal with stuff they don't know about.
Right.
Like perhaps trusting the distribution to just enable all those
security measures _regaredless_ of whether they booted in using secure
boot or not?
See?
If lockdown breaks something, the distro would need to fix it
regardless of secure boot.
So why is the enablement dependent on it again?
I'm not arguing "lockdown shouldn't be on".
I'm arguing "lockdown being on or off has _nothing_ to do with whether
the machine was booted in EFI mode with secure boot or not".
You don't seem to get it.
Linus