From mboxrd@z Thu Jan 1 00:00:00 1970 From: "H. Peter Anvin" Subject: Re: Trusted kernel patchset for Secure Boot lockdown Date: Thu, 13 Mar 2014 08:54:06 -0700 Message-ID: <5321D49E.30705@zytor.com> References: <1393445473-15068-1-git-send-email-matthew.garrett@nebula.com> <1394686919.25122.2.camel@x230> <20140313101235.753c3ec0@alan.etchedpixels.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20140313101235.753c3ec0-mUKnrFFms3BCCTY1wZZT65JpZx93mCW/@public.gmane.org> Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: One Thousand Gnomes , James Morris Cc: Kees Cook , Andrew Morton , "jwboyer-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy@public.gmane.org" , "linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org" , "linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , Matthew Garrett List-Id: linux-efi@vger.kernel.org On 03/13/2014 03:12 AM, One Thousand Gnomes wrote: > > I would prefer it did the revocation of CAP_SYS_RAWIO or at least > documented the absolute requirement. > Seconded. This has been my opinion, raised over and over and over again. -hpa