Re: [PATCH v3] x86, efi: Calling __pa() with an ioremap'd addressis invalid

[Matthew Garrett]

On Mon, Nov 07, 2011 at 12:57:40PM -0800, H. Peter Anvin wrote:
> On 11/07/2011 12:48 PM, Matthew Garrett wrote:
> > 
> > If the kernel is able to call boot services then the kernel needs to be 
> > signed. If it's all handled by the bootloader then the bootloader can be 
> > signed and the kernel doesn't have to be. Depends which one people 
> > update more, I guess.
> > 
> 
> ... and what security attributes they are looking for.

Yup.

> However, "EFI stub in the kernel" doesn't mean "can't use an external
> bootloader."

Agreed. It just means that we're still plausibly going to need some 
handshaking between them. Alternatively, as long as the bootloader 
passes us the memory map, we can just ignore any E820 map it gives us 
anyway.

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/