Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Matthew Garrett
Date: Fri Feb 08 2013 - 20:29:54 EST
On Fri, 2013-02-08 at 17:22 -0800, H. Peter Anvin wrote:
> You don't have to build the kernel twice to exclude a loadable module.
I guess you could just strip the signatures off any modules you don't
want to support under Secure Boot, but that breaks some other use cases.