Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Matthew Garrett
Date: Fri Feb 08 2013 - 20:29:54 EST

Next message: James Ralston: "[PATCH 2/5] hda_intel: Add Device IDs for Intel Wellsburg PCH"
Previous message: James Ralston: "[PATCH 1/5] ata_piix: Add Device IDs for Intel Wellsburg PCH"
In reply to: H. Peter Anvin: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: Kees Cook: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2013-02-08 at 17:22 -0800, H. Peter Anvin wrote:

> You don't have to build the kernel twice to exclude a loadable module.

I guess you could just strip the signatures off any modules you don't
want to support under Secure Boot, but that breaks some other use cases.

èº{.nÇ+‰·Ÿ®‰†+%ŠËlzwm…ébëæìr¸›zX§»®w¥Š{ayºÊÚë,j¢f£¢·hš‹àz¹®w¥¢¸¢·¦j:+v‰¨ŠwèjØm¶Ÿÿ¾«‘êçzZ+ƒùšŽŠÝj"ú!¶iO•æ¬z·švØ^¶m§ÿðÃnÆàþY&—

Next message: James Ralston: "[PATCH 2/5] hda_intel: Add Device IDs for Intel Wellsburg PCH"
Previous message: James Ralston: "[PATCH 1/5] ata_piix: Add Device IDs for Intel Wellsburg PCH"
In reply to: H. Peter Anvin: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: Kees Cook: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]