Misleading headline
Phoronix, "Secure Boot Breaks Kexec, Hibernate Support On Linux" is a very misleading headline.
Implementing SB does not 'break' those things. The problem is that those features make it trivial to circumvent SB protections. It's not that these things have to be disabled for SB to 'work'; it's that if you want to have the actual protection of SB, it logically requires that those features be disabled until they are improved from a security perspective. As long as those things are enabled, an attack could circumvent the protections SB is intended to provide.
Phoronix, "Secure Boot Breaks Kexec, Hibernate Support On Linux" is a very misleading headline.
Implementing SB does not 'break' those things. The problem is that those features make it trivial to circumvent SB protections. It's not that these things have to be disabled for SB to 'work'; it's that if you want to have the actual protection of SB, it logically requires that those features be disabled until they are improved from a security perspective. As long as those things are enabled, an attack could circumvent the protections SB is intended to provide.
Comment