Re: [GIT PULL] Kernel lockdown for secure boot

From: Matthew Garrett
Date: Tue Apr 03 2018 - 20:19:55 EST

Next message: David Howells: "Re: [GIT PULL] Kernel lockdown for secure boot"
Previous message: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
In reply to: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: Greg Kroah-Hartman: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 3, 2018 at 5:18 PM Andy Lutomirski <luto@xxxxxxxxxx> wrote:

> if your secure boot-enabled bootloader can't prevent a bad guy from
> using malicious kernel command line parameters, then fix it.

How is a bootloader supposed to know what the set of malicious kernel
command line parameters is?

Next message: David Howells: "Re: [GIT PULL] Kernel lockdown for secure boot"
Previous message: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
In reply to: Andy Lutomirski: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: Greg Kroah-Hartman: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]