On Wed, 03 Sep 2014 15:25:32 -0700 "H. Peter Anvin" <h.peter.an...@intel.com> wrote:
> On 09/03/2014 03:20 PM, One Thousand Gnomes wrote: > > > > If you just want some "detector bits" for bug report filtering them its > > quite a different need to fixing "secure" boot mode. Even in the detector > > bits case there should be an overall plan and some defined properties > > that provide the security and which you can show should always be true. > > > > As far as I'm concerning this is just a set of "detector bits". My > observation was simply that this is a *subset* of what "secure boot" > will eventually need. I think that observation is untrue. The only partially overap. > (As far as I'm concerned, I'd be happy tainting the kernel for any > operation that requires CAP_RAWIO, but maybe that is too extreme.) You can't then for example format some types of disk in your data center. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/