On Wednesday, July 8, 2020 10:04:01 AM MST Richard Hughes wrote:
> On Wed, 8 Jul 2020 at 16:48, John M. Harris Jr <johnmh(a)splentity.com> wrote:
> > needlessly disables a lot of kernel functionality
>
> It disables functionality which can destroy platform security.

It disables functionality that users need, such as inserting their kernel
modules on their own system, or hibernating to disk. Let's be honest about
what this does. This is not something that's beneficial here, it's only
harming our users.

> > You cannot load kernel modules you've built
>
> If you can build and insert your own kernel module you can do almost
> anything to the hardware, including disabling various firmware
> protection technologies.
>
> tl;dr: if you care about platform security at all, enable secure boot.

If you've got root, you can STILL do almost anything to the hardware,
including disabling various "firmware protection technologies". This is
needlessly kneecapping users.

--
John M. Harris, Jr.