Matthew Garrett Elaborates More On Lockdown + Secure Boot Pairing
![LINUX KERNEL](/assets/categories/linuxkernel.webp)
Linus Torvalds isn't against the kernel lockdown patches, he just is against it being explicitly enabled with UEFI SecureBoot and can't be easily turned off in that scenario. Matthew Garrett has written a blog post to lay out the case for UEFI SecureBoot with the lockdown functionality.
His argument is that what distributions wants, "The reason it's integrated with UEFI secure boot is because that's the policy most distributions want, since the alternative is to enable it everywhere even when it doesn't provide real benefits but does provide additional support overhead. You can use it even if you're not using UEFI secure boot. We should have just called it securelevel."
The post in full can be read on Dreamwidth.org.
22 Comments