On Tue, 2015-03-17 at 20:22 +0000, Simon McVittie wrote:

> Is the intention instead that it will make privileged bits of userland
> more careful to avoid breaking the trust chain in ways that would "fail
> safe" by refusing to boot?

Not really. It's intended to avoid the situation where privileged
userspace is able to modify the running kernel to an extent that's
broadly equivalent to booting an arbitrary kernel.
