
Bug#820008: Support for securelevel and Secure Boot



* Ben Hutchings:

> To ensure the integrity of the kernel, we should support a securelevel
> where all modules must be signed by a trusted key and all APIs
> allowing arbitrary memory writes are disabled.

What is a trusted key?  I'm not convinced we can align this with
Debian's principles.

> To meet Secure Boot requirements, we need to turn this on whenever
> booted with SB enabled.

I object to Microsoft Secure Boot support in Debian.  It has no clear
security objective, requires the use of Microsoft Windows and
Microsoft services to build boot loaders, and might harm our users in
the long term (e.g., users can only access the web from a Secure Boot
machine with a Firefox built by Mozilla, and Firefox promises web
sites not to enable the “Save as ...” context menu item).

Just support for UEFI signed boot loaders would be a different matter,
but then we don't need securelevel support in the kernel.

Maybe we should discuss this on debian-project?

Fedora has kernel patches for this, but they are not upstream, and are
unlikely to end up there ever.

