On 09/03/2014 03:20 PM, One Thousand Gnomes wrote:
>
> If you just want some "detector bits" for bug report filtering them its
> quite a different need to fixing "secure" boot mode. Even in the detector
> bits case there should be an overall plan and some defined properties
> that provide the security and which you can show should always be true.
>
As far as I'm concerning this is just a set of "detector bits". My
observation was simply that this is a *subset* of what "secure boot"
will eventually need.
Secure boot will need the error path no matter what... tainting
obviously doesn't.
(As far as I'm concerned, I'd be happy tainting the kernel for any
operation that requires CAP_RAWIO, but maybe that is too extreme.)
-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
