-
Nah its about as good as lkm signing but allows to just sign a whole partition instead of each module. not really any different. not sure its really better either.. just different. -
Yes, however we have a special case here.Originally posted by nanonyme View Post
The potential to remove that kernel parameter without negative effects on software functioning is potentially workable for this security functionality.
Could have compilation not add that parameter by default for compiling the kernel!Leave a comment:
-
Not very interesting security feature if it can be defeated so easily.Though even if the kernel is built with CONFIG_SECURITY_LOADPIN, it still can be defeated by setting loadpin.enabled=0 at boot-time.
This little security risk should definitely get some developer attention.Leave a comment:
-
Linux 4.7 To Gain New Security Feature Ported From Chrome OS
Phoronix: Linux 4.7 To Gain New Security Feature Ported From Chrome OS
James Morris has made known the security subsystem updates intended for the Linux 4.7 kernel and it includes one addition worth mentioning...
http://www.phoronix.com/scan.php?pag...in-Restriction
Leave a comment: