From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S937577AbdDSPaB (ORCPT <rfc822;w@1wt.eu>);
        Wed, 19 Apr 2017 11:30:01 -0400
Received: from mx1.redhat.com ([209.132.183.28]:59074 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S935114AbdDSP3z (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 19 Apr 2017 11:29:55 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com E91DE8F860
Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=dhowells@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com E91DE8F860
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
        Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
        Kingdom.
        Registered in England and Wales under Company Registration No. 3798903
From: David Howells <dhowells@redhat.com>
In-Reply-To: <9f97544c-cb49-c2a3-ecec-7840386d9281@ADLINKtech.com>
References: <9f97544c-cb49-c2a3-ecec-7840386d9281@ADLINKtech.com> <149141141298.29162.5612793122429261720.stgit@warthog.procyon.org.uk> <149141145858.29162.13072730133817038218.stgit@warthog.procyon.org.uk> <alpine.DEB.2.20.1704142021320.2327@nanos>
To: Jens Rottmann <Jens.Rottmann@ADLINKtech.com>
Cc: dhowells@redhat.com, Thomas Gleixner <tglx@linutronix.de>,
        LKML <linux-kernel@vger.kernel.org>, gnomes@lxorguk.ukuu.org.uk,
        gregkh@linuxfoundation.org, Daniel Lezcano <daniel.lezcano@linaro.org>,
        linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
        Andres Salomon <dilinger@queued.net>
Subject: Re: [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <25529.1492615788.1@warthog.procyon.org.uk>
Date: Wed, 19 Apr 2017 16:29:48 +0100
Message-ID: <25530.1492615788@warthog.procyon.org.uk>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Wed, 19 Apr 2017 15:29:55 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Jens Rottmann <Jens.Rottmann@ADLINKtech.com> wrote:

> > When the kernel is running in secure boot mode [...] prevent
> > access by means of configuring driver modules
> 
> I may easily be wrong, but doesn't secure boot require EFI?

For the patches I have, yes.  It could feasibly be done by some other
mechanism, though I don't know that such an alternative exists.

> Do secure boot capable systems with old CS5535/36 even exist?

No idea.

David