On Tue, Apr 3, 2018 at 9:29 AM, Matthew Garrett <mj...@google.com> wrote: > On Tue, Apr 3, 2018 at 8:11 AM Andy Lutomirski <l...@kernel.org> wrote: >> Can you explain that much more clearly? I'm asking why booting via >> UEFI Secure Boot should enable lockdown, and I don't see what this has >> to do with kexec. And "someone blacklist[ing] your key in the >> bootloader" sounds like a political issue, not a technical issue. > > A kernel that allows users arbitrary access to ring 0 is just an > overfeatured bootloader. Why would you want secure boot in that case?
.. maybe you don't *want* secure boot, but it's been pushed in your face by people with an agenda? Seriously. Linus