Enabling secure boot automatically locks down dmesg.
And it locks down other security related things as well (suspend to disk).
I´m glad kernel folks will soon add more lockdowns that also will be available to none secure boot users.
Besides, there is so much more to do to get a reasonably safe machine.
Mandatory access control is such an important mechanism, protect at least your web browser and email client. I love AppArmor. It´s simple and straight forward. Better also protect your PDF reader and favourite virtualizer solution with MAC.
Locking down dmesg won´t stop a serious intruder.
The larger your minefield, the better.
And it locks down other security related things as well (suspend to disk).
I´m glad kernel folks will soon add more lockdowns that also will be available to none secure boot users.
Besides, there is so much more to do to get a reasonably safe machine.
Mandatory access control is such an important mechanism, protect at least your web browser and email client. I love AppArmor. It´s simple and straight forward. Better also protect your PDF reader and favourite virtualizer solution with MAC.
Locking down dmesg won´t stop a serious intruder.
The larger your minefield, the better.
Comment