Re: [PATCH v3] x86, efi: Calling __pa() with an ioremap'd addressis invalid
From: H. Peter Anvin
Date: Mon Nov 07 2011 - 15:57:57 EST
On 11/07/2011 12:48 PM, Matthew Garrett wrote:
>
> If the kernel is able to call boot services then the kernel needs to be
> signed. If it's all handled by the bootloader then the bootloader can be
> signed and the kernel doesn't have to be. Depends which one people
> update more, I guess.
>
... and what security attributes they are looking for.
However, "EFI stub in the kernel" doesn't mean "can't use an external
bootloader."
-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/