On Sat, Dec 30, 2017 at 6:57 PM, Dan Aloni <[email protected]> wrote: > From: Dan Aloni <[email protected]> > > Hi All, > > There has been a lot of progress in recent times regarding the removal > of sensitive information from dmesg (pointers, etc.), so I figured - why > not encrypt it all? However, I have not found any existing discussions > or references regarding this technical direction. > > I am not sure that desktop and power users would like to have their > kernel message encrypted, but there are scenarios such as in mobile > devices, where only the developers, makers of devices, may actually > benefit from access to kernel prints messages, and the users may be > more protected from exploits.
What is the benefit of your approach compared to setting dmesg_restrict=1 or something like that and letting userland decide who should get access to raw dmesg output and in what form?
