Received: by 10.223.164.221 with SMTP id h29csp524327wrb;
        Thu, 5 Oct 2017 05:35:15 -0700 (PDT)
X-Google-Smtp-Source: AOwi7QDjCBHWQBS50PSpisPgw+nsvscU7QchS9bI+Elqu6GN+pfJ9UG5fDXkiwxw5UgzW0+wKwdK
X-Received: by 10.98.24.80 with SMTP id 77mr5608339pfy.195.1507206915711;
        Thu, 05 Oct 2017 05:35:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1507206915; cv=none;
        d=google.com; s=arc-20160816;
        b=osX9DvwH4GX8Ns07XbnG4i/DjVPMppfYM3tQKfwS7X7i+CzhI/OCoP5xrHzKqd0mce
         uZb8xaPI7mrjFSfBOc5YFSaGztzLeWkjJ2gV8PYxO1gdJAmTORn1eHLt2wN3CEIL7otb
         Okp0Ins546YXvP4I4OURfuD0QjD5RGyxZN2/+NbktZDGxTY+wLRDAx73T4X+idfk0Psc
         hsfWZIeFT0xYelWMFNmhhpLWhoClXCAnVlKUshVqHgA7nAHaf4YcoZQ1fH1K2TrVfFIi
         NbCgie8nNN4gNukqo0ELfceAKCvvGcuVPPxRetsum6JETyevyfd+atPWqRTSRMCIXnNC
         EfQg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dmarc-filter
         :arc-authentication-results;
        bh=+VqGyHegqJ3Jat7k4LGjSZpTIg8uFuisd9kwb+HBHp0=;
        b=cE6Vd5mZD+qOsEo7e+S9a7wzn1NZEO5W7TNHHo90442LTpqHcPLYJ5OjR1Snt4Pspb
         LNxaNmIEqFp0RTrpvsjfrREwHqZowIzewZs/wd8vp7pMC+u2AVa6PrRB37aJk63xjS5S
         INJwiSRYLYNjDItUf6h/G3H3GibXlXp2CKiEhoAdr1QIFKnNaDzgP2HRT/3REI36Wfya
         UprYcQn5KycAQzTu+y0pyISOiqoH9N6CguaDjlqE0KR8Tq3QtbofwRBaiRLniawi5vVM
         AWBdXFB6okZNB6PKrFtfCQkSY+ylSGPDFAdJ4eBIeWgwDkO5jJ7Fdgn/VC7t8sc96sF/
         BseQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 31si13731285pli.687.2017.10.05.05.35.01;
        Thu, 05 Oct 2017 05:35:15 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751518AbdJEMdg (ORCPT <rfc822;mahoosoft4you@gmail.com>
        + 99 others); Thu, 5 Oct 2017 08:33:36 -0400
Received: from mx1.redhat.com ([209.132.183.28]:47000 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751295AbdJEMde (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 5 Oct 2017 08:33:34 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id E06F45F2993;
        Thu,  5 Oct 2017 12:33:33 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com E06F45F2993
Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=fweimer@redhat.com
Received: from oldenburg.str.redhat.com (ovpn-117-220.ams2.redhat.com [10.36.117.220])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 95F0660603;
        Thu,  5 Oct 2017 12:33:31 +0000 (UTC)
Subject: Re: Draft manpage explaining kernel lockdown
To:     David Howells <dhowells@redhat.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        mtk.manpages@gmail.com
Cc:     mcgrof@kernel.org, johannes@sipsolutions.net,
        linux-man@vger.kernel.org, keyrings@vger.kernel.org,
        linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org,
        linux-kernel@vger.kernel.org
References: <7969.1507201224@warthog.procyon.org.uk>
From:   Florian Weimer <fweimer@redhat.com>
Message-ID: <3765ad08-2c73-7285-02e1-e04f31dde3fd@redhat.com>
Date:   Thu, 5 Oct 2017 14:33:30 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <7969.1507201224@warthog.procyon.org.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 05 Oct 2017 12:33:34 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/05/2017 01:00 PM, David Howells wrote:
> Lockdown is typically enabled during boot and may be terminated, if configured,
> by typing a special key combination on a directly attached physical keyboard.

Does this include a Bluetooth keyboard (which might not actually exist 
and might in reality be another server in the same rack, of course).

Thanks,
Florian

From 1580415575485403451@xxx Thu Oct 05 11:09:03 +0000 2017
X-GM-THRID: 1580415097298572743
X-Gmail-Labels: Inbox,Category Forums