Torvalds Opposes Tying UEFI Secure Boot to Kernel Lockdown Mode

An anonymous reader quotes Phoronix: The kernel lockdown feature further restricts access to the kernel by user-space with what can be accessed or modified... Pairing that with UEFI SecureBoot unconditionally is meeting some resistance by Linus Torvalds. The goal of kernel lockdown, which Linus Torvalds doesn't have a problem with at all, comes down to "prevent both direct and indirect access to a running kernel image, attempting to protect against unauthorised modification of the kernel image and to prevent access to security and cryptographic data located in kernel memory, whilst still permitting driver modules to be loaded." But what has the Linux kernel creator upset with are developers trying to pair this unconditionally with UEFI SecureBoot. Linus describes Secure Boot as being "pushed in your face by people with an agenda." But his real problem is that Secure Boot would then imply Kernel Lockdown mode... "Tying these things magically together IS A BAD IDEA."

Re:Please don't hurt me.

[guruevi]

That's not what the argument is about. UEFI SecureBoot has its place and reasons although an open implementation would be much better, Linux Kernel Lockdown has its place and reasons. Requiring one to enable the other is a problem or declaring that your system is broken without both enabled is a problem.