On Wednesday, July 8, 2020 10:04:01 AM MST Richard Hughes wrote:
> On Wed, 8 Jul 2020 at 16:48, John M. Harris Jr <joh...@splentity.com>
> wrote:
> > needlessly disables a lot of kernel functionality
> It disables functionality which can destroy platform security.

It disables functionality that users need, such as inserting their kernel 
modules on their own system, or hibernating to disk. Let's be honest about 
what this does. This is not something that's beneficial here, it's only 
harming our users.

> > You cannot load kernel modules you've built
> If you can build and insert your own kernel module you can do almost
> anything to the hardware, including disabling various firmware
> protection technologies.
> tl;dr: if you care about platform security at all, enable secure boot.

If you've got root, you can STILL do almost anything to the hardware, 
including disabling various "firmware protection technologies". This is 
needlessly kneecapping users.

John M. Harris, Jr.

devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to