[$] Kernel lockdown in 4.17?
The UEFI secure boot mechanism is intended to protect the system against persistent malware threats - unpleasant bits of software attached to the operating system or bootloader that will survive a reboot. While Linux has supported secure boot for some time, proponents have long said that this support is incomplete in that it is still possible for the root user to corrupt the system in a number of ways. Patches that attempt to close this hole have been circulating for years, but they have been controversial at best. This story may finally come to a close, though, if Linus Torvalds accepts the "kernel lockdown" patch series during the 4.17 merge window.