Quote:
Originally Posted by LuckyCyborg
A virtualized kernel doesn't simplify the life of a rogue virtual machine put in a computer for whatever rogue reasons?
|
If someone has that level of access to your hardware, then the battle is already lost.
In terms of protection against such a thing being planted, you could take the Microsoft approach and simply not mount the EFI partition at bootup. That will make it invisible to the running system. If you're concerned about a user gaining access, you could also remove the EFI partition from your fstab... Although, as I said, if they have that level of access they could easily figure it out.