* Ben Hutchings:

> To ensure the integrity of the kernel, we should support a securelevel
> where all modules must be signed by a trusted key and all APIs
> allowing arbitrary memory writes are disabled.

What is a trusted key? I'm not convinced we can align this with Debian's principles.

> To meet Secure Boot requirements, we need to turn this on whenever
> booted with SB enabled.

I object to Microsoft Secure Boot support in Debian. It has no clear security objective, requires the use of Microsoft Windows and Microsoft services to build boot loaders, and might harm our users in the long term (e.g., users can only access the web from a Secure Boot machine with a Firefox built by Mozilla, and Firefox promises web sites not to enable the “Save as ...” context menu item).

Just support for UEFI signed boot loaders would be a different matter, but then we don't need securelevel support in the kernel.

Maybe we should discuss this on debian-project?

Fedora has kernel patches for this, but they are not upstream, and are unlikely to end up there ever.