Jarkko Sakkinen <jar...@kernel.org> wrote: > > I suppose a user space tool could be created. But wouldn’t what is > > currently done in the kernel in this area need to be removed? > > Right. I don't think this was a great idea in the first place to > do to the kernel but since it exists, I guess the patch does make > sense.
This information needs to be loaded from the UEFI tables before the system starts loading any kernel modules or running any programs (if we do verification of such, which I think IMA can do). David