Re: [RFC] Second attempt at kernel secure boot support

From: Florian Weimer
Date: Tue Nov 06 2012 - 17:07:15 EST

Next message: Sukadev Bhattiprolu: "[PATCH 3/4] perf/POWER7: Make event translations available in sysfs"
Previous message: Casey Schaufler: "Re: [PATCH] smack: SMACK_MAGIC to include/uapi/linux/magic.h"
In reply to: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Matthew Garrett:

> I'm not sure why you think that Fedora PXE installs will
> automatically wipe disks - they'll do whatever Kickstart tells them
> to do.

Or what the referenced initrd contains (which is not signed, for
obvious reasons). The point is that "the bootloader is signed by
Fedora" does not translate to "I can run this without worries".

I'm not sure if anybody has made promises in this direction. But lack
of a "do no harm" rule (which would have to prevent certain forms of
unattended installation for sure) means that we do not get that many
benefits out of Secure Boot.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sukadev Bhattiprolu: "[PATCH 3/4] perf/POWER7: Make event translations available in sysfs"
Previous message: Casey Schaufler: "Re: [PATCH] smack: SMACK_MAGIC to include/uapi/linux/magic.h"
In reply to: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]