Navigation
Search
|
[$] Lockdown as a security module
Monday June 24, 2019. 10:41 PM , from LWN.net
Technologies like UEFI secure boot are intended to guarantee that a
locked-down system is running the software intended by its owner (for a definition of 'owner' as 'whoever holds the signing key recognized by the firmware'). That guarantee is hard to uphold, though, if a program run on the system in question is able to modify the running kernel somehow. Thus, proponents of secure-boot technologies have been trying for years to provide the ability to lock down many types of kernel functionality on secure systems. The latest attempt posted by Matthew Garrett, at an eyebrow-raising version 34, tries to address previous concerns by putting lockdown under the control of a Linux security module (LSM).
https://lwn.net/Articles/791863/rss
|
25 sources
Current Date
Apr, Fri 26 - 12:51 CEST
|