[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <11096.1509642008@warthog.procyon.org.uk>
Date: Thu, 02 Nov 2017 17:00:08 +0000
From: David Howells <dhowells@...hat.com>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: dhowells@...hat.com, joeyli <jlee@...e.com>,
linux-security-module@...r.kernel.org, gnomes@...rguk.ukuu.org.uk,
linux-efi@...r.kernel.org, gregkh@...uxfoundation.org,
linux-kernel@...r.kernel.org, jforbes@...hat.com,
Matthew Garrett <mjg59@...gle.com>
Subject: Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set
Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
> At some point, we'll want to also require the initramfs be signed as well.
That could be tricky. In Fedora, at least, that's assembled on the fly to
include just the drivers you need to be able to mount your root fs and find
the rest of your modules. (Unless you mean just for the installer)
David
Powered by blists - more mailing lists