https://github.com/mjg59/linux/commit/1fa28d39024cebb051319c5a15f8f6f2777b8d72 … - when the thing with the comment "This should be called early in the kernel init sequence" can't be called sufficiently early
but essentially this would mean that you can't set kernel config flags anymore, right? even if the user manually sets them in the grub commandline on boot?
-
No, that's the point - you can pass anything you want, lockdown filters out anything that's bad
-
so it's default-allow? where do you draw the line? disabling ucode loading? disabling kaslr? (actually, I guess that one might run too early even with that new commit.) kpti? I guess memmap= is out? iommu= is probably out?