Matthew Garrett Elaborates More On Lockdown + Secure Boot Pairing

Written by Michael Larabel in Linux Kernel on 5 April 2018 at 05:29 AM EDT. 22 Comments
A few days back we covered the heated exchange on the kernel mailing list over the path being pursued by the Linux kernel "lockdown" patches. Those back and forth messages between Google's Matthew Garrett and Linus Torvalds have now spilled over into a blog post by Garrett.

Linus Torvalds isn't against the kernel lockdown patches, he just is against it being explicitly enabled with UEFI SecureBoot and can't be easily turned off in that scenario. Matthew Garrett has written a blog post to lay out the case for UEFI SecureBoot with the lockdown functionality.

His argument is that what distributions wants, "The reason it's integrated with UEFI secure boot is because that's the policy most distributions want, since the alternative is to enable it everywhere even when it doesn't provide real benefits but does provide additional support overhead. You can use it even if you're not using UEFI secure boot. We should have just called it securelevel."

The post in full can be read on
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week