> On Apr 3, 2018, at 10:16 AM, David Howells <dhowe...@redhat.com> wrote: > > Andy Lutomirski <l...@kernel.org> wrote: > >>> A kernel that allows users arbitrary access to ring 0 is just an >>> overfeatured bootloader. Why would you want secure boot in that case? >> >> To get a chain of trust. > > You don't have a chain of trust that you can trust in that case. >
Please elaborate on why I can’t trust it. Please also elaborate on how lockdown helps at all.
