[$] Kernel lockdown in 4.17?

Post Syndicated from corbet original https://lwn.net/Articles/750730/rss

The UEFI secure boot mechanism is intended to protect the system against
persistent malware threats — unpleasant bits of attached to the
operating system or that will survive a reboot. While Linux
has supported secure boot for some , proponents have long said that
this is incomplete in that it is still possible for the root user
to corrupt the system in a number of ways. Patches that attempt to
close this hole have been circulating for years, but they have been
controversial at best. This story may finally come to a close, though, if
Linus Torvalds accepts the “ lockdown” patch series during the 4.17
merge window.