On Fri, Feb 24, 2023 at 02:20:25PM -0600, Aaron Rainbolt wrote: > This makes good sense to me. The concern I'm noticing here is that Secure > Boot activates a kernel lockdown mode that prohibits kexec.
Incorrect. It disables the old kexec syscall which doesn't have an interface for doing signature verification of the payload. It does not disable the use of kexec as a feature. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: PGP signature
-- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
