next up previous contents
Next: Do not execute unprotected Up: Options description Previous: Options description   Contents

Security alert when execing unprotected programs before sealing

Saying yes will generate a security alert for each unprotected program executed before LIDS is sealed (with lidsadm -I - caps...). This can help a lot to check whether your boot sequence is secured but this won't tell you which modules are loaded and not protected. This can also warn you if a weakness has been exploited and a program6.4 has been added to the boot process.

Saying yes increases security.



Biondi Philippe 2000-02-24