Linux Kernel lockdown

David Howells of Red Hat has posted a 24-part patch series to the Linux-(Kernel,EFI) lists that hardens Linux against some firmware attacks. These patches provide a facility by which a variety of avenues by which userspace can feasibly modify the running kernel image can be locked down. These include:

(*) No unsigned modules and no modules …