Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Matthew Garrett
Date: Fri Feb 08 2013 - 20:29:54 EST

On Fri, 2013-02-08 at 17:22 -0800, H. Peter Anvin wrote:

> You don't have to build the kernel twice to exclude a loadable module.

I guess you could just strip the signatures off any modules you don't
want to support under Secure Boot, but that breaks some other use cases.

èº{.nÇ+‰·Ÿ®‰­†+%ŠËlzwm…ébëæìr¸›zX§»®w¥Š{ayºÊÚë,j­¢f£¢·hš‹àz¹®w¥¢¸ ¢·¦j:+v‰¨ŠwèjØm¶Ÿÿ¾«‘êçzZ+ƒùšŽŠÝj"ú!¶iO•æ¬z·švØ^¶m§ÿðà nÆàþY&—