Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)

From: James Morris
Date: Wed Apr 04 2018 - 19:25:46 EST

Next message: Lyude Paul: "[PATCH] drm/i915/dp: Send DPCD ON for MST before phy_up"
Previous message: Stephen Rothwell: "Re: [v8, 11/18] mm, dax: enable filesystems to trigger dev_pagemap ->page_free callbacks"
In reply to: joeyli: "Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)"
Next in thread: Matthew Garrett: "Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 4 Apr 2018, David Howells wrote:

> > 6. There's a way to *decrease* the lockdown level below the configured
> > value. (This ability itself may be gated by a config option.)
> > Choices include a UEFI protected variable,
>
> By turning secure boot off, maybe?

It's surely reasonable to allow an already secure-booted system to be
debugged without needing to be rebooted.

- James
--
James Morris
<jmorris@xxxxxxxxx>

Next message: Lyude Paul: "[PATCH] drm/i915/dp: Send DPCD ON for MST before phy_up"
Previous message: Stephen Rothwell: "Re: [v8, 11/18] mm, dax: enable filesystems to trigger dev_pagemap ->page_free callbacks"
In reply to: joeyli: "Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)"
Next in thread: Matthew Garrett: "Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]