Signed module enforcement patches for
Mathieu Trudel-Lapierre
mathieu.trudel-lapierre at canonical.com
Fri Jun 17 06:17:08 UTC 2016
On Fri, Jun 17, 2016 at 8:37 AM, Tim Gardner <tim.gardner at canonical.com>
wrote:
[...]
>
> I did mention that I was going to merge these patches with signed module
> enforcement _disabled_ to begin with, didn't I ?
>
Yes. I see I obliterated the relevant bits from my reply. I'm saying that's
only fine as long as it can be toggled on the system, which would defeat
the purpose of having the kernel check for singatures anyway (if you can
easily disable or enable enforcement, then who cares if you sign anything).
We should just do this right, make sure everything was correctly testing,
and land it all *with* enforcement enabled, rather than having to do one
more SRU again later.
Could you describe here precisely what you and Andy have tested?
--
Mathieu Trudel-Lapierre <mathieu.trudel-lapierre at canonical.com>
Freenode: cyphermox, Jabber: mathieu.tl at gmail.com
4096R/65B58DA1 818A D123 0992 275B 23C2 CF89 C67B B4D6 65B5 8DA1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20160617/f36999a8/attachment.html>
More information about the kernel-team
mailing list