@tehjh If you don't have any kind of verified boot, an attacker can just replace the kernel and reboot. If you do, pass the flag in bootparm
@mjg59 if securelevel is enabled via syscall, can't an attacker replace init, then reboot? or is the filesystem also signed?
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.