Attacking the kernel via its command line
Posted Jun 21, 2017 1:15 UTC (Wed) by thestinger (guest, #91827)
In reply to: Attacking the kernel via its command line by corbet
Parent article: Attacking the kernel via its command line
You might not be able to grasp it, but the article misrepresents my position and reasoning about the issue via omission. It presents it as if I'm arguing against secure / verified boot, and in fact that's the opposite of what's happening. Luckily I can comment here to correct the record about what I said.
I'm arguing for using critical thinking about whether there's a security impact, and the response to that only seems to be making an argument from authority / tradition and pushing a definition of 'secure boot' with the scope narrowed to exactly the current state of the implementation in Fedora / RHEL, rather than the reality, which is that the feature has a whole scale of possible implementations and the one that's present there is not yet a valuable security feature.
I'm happy to listen to an explanation of some setup where this could actually have a security impact. I've yet to see that. No attempt was made to present a scenario where it matters. I don't think there is one. I can certainly imagine a theoretical scenario involving code and a distribution that doesn't currently exist... but it requires truly treating the kernel line as untrusted and verifying at least a portion of userspace. If that was truly implemented, this would be a vulnerability in the system doing that. It still wouldn't be a vulnerability in the mainline Linux kernel itself since that would be a bunch of out-of-tree code...
