I have been attending many talks on Secure Boot. The basic idea behind secure boot is to ensure that the bios/bootloader and kernel have not been hacked. My understanding of how this is done is everything is signed and verified during the bootup. Nothing can run in the kernel that was not signed and verified.
Then we Oracle pushing Ksplice.
I can't help but ask the question?
Is ksplice a security disaster waiting to happen?
Dan Walsh's Blog
- Secure Boot versus Ksplice.