From kees@outflux.net Fri Jun 20 17:25:43 2014
Date: Fri, 20 Jun 2014 14:23:44 -0700
From: Kees Cook
To: lss-pc@ext.namei.org
Subject: [lss-pc] Discussion proposal: Trusted kernel lock-down patch series

There is a need to lock down access to raw kernel memory and devices when running under certain conditions. UEFI Secure Boot, or Chrome OS Verified Boot, among other situations, wants to be sure that userspace (even privileged users) cannot change the running kernel. A patch series that implements this was written (and rewritten) by Matthew Garrett, but it has been bike-shed to death. We will discuss ways for this series to move forward, and document the prior objections and rebuttals so that future discussion can avoid resolved issues without distracting from progress.

-Kees

--
Kees Cook @outflux.net
_______________________________________________
lss-pc mailing list
lss-pc@ext.namei.org
https://ext.namei.org/mailman/listinfo/lss-pc