On 03. 03. 23, 4:40, David C. Rankin wrote:
On 3/2/23 01:22, Jiri Slaby wrote:
Hi all,
just so you know, as per bug 1198101, the kernel for Tumbleweed received patchset for locked down kernel (see the bug). This will be a part of the 6.2.1 submission (SR#1068171).
Few notes: * Hibernation does not work when secure boot is enabled (bug 1208766) * Leap inherited/contains this patchset long from SLE time ago.
regards,
Worth also keeping in mind secure-boot is no panacea. Posted this to the general list, but it is also worth considering here looking forward:
https://www.theregister.com/2023/03/01/blacklotus_malware_eset/
While that article regard windows, the same would likely apply to the unified kernel image if the system is hijacked before it loads.
Right. Generally, BIOSes are (very) buggy (search the kernel e.g. for "quirk"). So secure boot is no silver bullet. -- js suse labs