Re: [GIT PULL] Kernel lockdown for secure boot

From: Linus Torvalds
Date: Tue Apr 03 2018 - 20:15:20 EST

Next message: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
Previous message: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
In reply to: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 3, 2018 at 5:10 PM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote:
>
>> Exactly like EVERY OTHER KERNEL CONFIG OPTION.
>
> So your argument is that we should make the user experience worse? Without
> some sort of verified boot mechanism, lockdown is just security theater.
> There's no good reason to enable it unless you have some mechanism for
> verifying that you booted something you trust.

Wow. Way to snip the rest of the email where I told you what the
solution was. Let me repeat it here, since you so conveniently missed
it and deleted it:

>> Or, like a lot of other kernel options, maybe have a way to just
>> disable it on the kernel command line, and let the user know about it.
>>
>> That would still be better than disabling secure boot entirely in your
>> world view, so it's (a) more convenient and (b) better.

Matthew, it's simply not worth continuing talking with you.

I'll just not pull this crap, and vendors that you convince to do
stupid things have only themselves to blame.

You clearly have an agenda, and are not willing to look at arguments
against your idiotic choices.

Linus

Next message: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
Previous message: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
In reply to: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
Next in thread: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]