[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Guenter Roeck linux at roeck-us.net
Fri Jun 29 16:52:07 UTC 2012


On Thu, Jun 28, 2012 at 03:47:21PM +0100, Matthew Garrett wrote:
> On Thu, Jun 28, 2012 at 11:28:18AM +0900, Masami Hiramatsu wrote:
> 
> > As far as I know, secure boot is not only for booting but it also
> > including authentication of all executable binaries include
> > applications. Thus, the user can't execute any untrusted (not-signed)
> > binary and programs, as like as viruses, (unauthenticated:))malwares.
> 
> No, it doesn't imply any signing of userspace.
> 
Are there any plans to add support for signed binaries, similar to what
the digsig module used to provide ?

Thanks,
Guenter


More information about the Ksummit-2012-discuss mailing list