> "Back then, even if Linux systems were employing secure boot mechanisms,
> there were still ways that malware could abuse drivers, root accounts, and
> user accounts with special elevated privileges to tamper with the kernel's
> code, and by doing so, gain boot persistence and a permanent foothold on
> infected systems."
>
> https://www.zdnet.com/article/linux-to-get-kernel-lockdown-feature/
>
> This seems like the long time coming of generally agreed upon good thing.
> I
> generally understand what this does, but I'm not a kernel or sw dev and so
> I don't know the full implications of this.
>
> Anyone doing security or dev work who has some concerns or sees more
> goodness with this?
It will be interesting to see what it breaks. I expect we will find a few
apps that read /dev/kmem for "reasons" that will not be happy.
I will be building a test spin then, and if, I can get my Skylake board
working.
Q: Why do programmers confuse Halloween and Christmas?
A: Because OCT 31 == DEC 25.
_______________________________________________
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
