081714cab9
Do not pass our own cmdline on to the kernel. It may have been set by a malicious boot loader specification entry, and could instruct the kernel to load an arbitrary unprotected initrd (or perform some other fun stuff). Instead, always pass the command line built into the UKI, which is properly authenticated. |
||
---|---|---|
.. | ||
stub | ||
tool |