Re: [RFC] Second attempt at kernel secure boot support

From: Jiri Kosina
Date: Mon Oct 29 2012 - 03:49:39 EST

Next message: Martin Schwidefsky: "Re: [PATCH] s390: Add pmd_mknotpresent()"
Previous message: Rafael J. Wysocki: "Re: Power regression found on 3.6-rc1+"
Next in thread: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 20 Sep 2012, Matthew Garrett wrote:

> This is pretty much identical to the first patchset, but with the capability
> renamed (CAP_COMPROMISE_KERNEL) and the kexec patch dropped. If anyone wants
> to deploy these then they should disable kexec until support for signed
> kexec payloads has been merged.

Apparently your patchset currently doesn't handle device firmware loading,
nor do you seem to mention in in the comments.

I believe signed firmware loading should be put on plate as well, right?

Thanks,

--
Jiri Kosina
SUSE Labs

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Schwidefsky: "Re: [PATCH] s390: Add pmd_mknotpresent()"
Previous message: Rafael J. Wysocki: "Re: Power regression found on 3.6-rc1+"
Next in thread: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]