Subject: Re: verified executable kernel modification committed
To: Brett Lymn <email@example.com>
From: grant beattie <firstname.lastname@example.org>
Date: 10/30/2002 12:03:04
On Wed, Oct 30, 2002 at 01:10:11AM +1030, Brett Lymn wrote:
> Q: So, how do you stop the list being updated later?
> A: by using securelevel - the fingerprints can only be loaded at
> securelevel == 0. The full effect of the verified exec is in
> effect at securelevel > 2 (i.e. 3 onwards), at this point warnings
> about invalid/missing fingerprints become fatal errors, before this
> they were merely warnings.
Are there alternative ways (already existing or not) to activate it? The
securelevel scheme prevents it from being used effectively when options
INSECURE is used. :(