Re: Use PCI ROMs from EFI boot services

From: Matthew Garrett
Date: Thu Dec 06 2012 - 01:19:05 EST

Next message: Mark Brown: "Re: [RFT][PATCH 1/2] regulator: palmas: Return raw register valuesas the selectors in [get|set]_voltage_sel"
Previous message: Mark Brown: "Re: [PATCH 1/3] regulators: add regulator_can_change_voltage()function"
In reply to: H. Peter Anvin: "Re: Use PCI ROMs from EFI boot services"
Next in thread: Matthew Garrett: "Re: Use PCI ROMs from EFI boot services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 05, 2012 at 05:21:44PM -0800, H. Peter Anvin wrote:
> On 12/05/2012 05:13 PM, Matthew Garrett wrote:
> >Yeah, it needs to be hidden from root - but ideally we'd be passing it to the second kernel if we kexec. Alternative would be for it to be capability bounded to a trusted signed kexec binary if we implement Vivek's IMA-based approach.
> >
>
> Either way a security flag in the type field makes sense.

I've no objection to that, although I'm not sure there's any real reason
to expose an incomplete setup_data to userspace. Any scenario in which
kexec can't read the full data is one where kexec won't be able to
call sys_kexec() anyway.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Brown: "Re: [RFT][PATCH 1/2] regulator: palmas: Return raw register valuesas the selectors in [get|set]_voltage_sel"
Previous message: Mark Brown: "Re: [PATCH 1/3] regulators: add regulator_can_change_voltage()function"
In reply to: H. Peter Anvin: "Re: Use PCI ROMs from EFI boot services"
Next in thread: Matthew Garrett: "Re: Use PCI ROMs from EFI boot services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]