eww. what do you want that for? that's before the page allocator setup
would it be possible to let the user store a custom cmdline as long as they edit it from a context that runs before any untrusted userspace and let the TPM verify that (using the PCRs)?
-
-
then the kernel cmdline as delivered from the bootloader to the kernel could consist of a distro-signed base cmdline, a TPM-attested user config, and a very narrow set of whitelisted hints for locating the disk that update-grub is allowed to generate automatically
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.