[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Matthew Garrett mjg59 at srcf.ucam.org
Thu Jun 21 20:45:57 UTC 2012


Expertise:

UEFI, ACPI, x86 interactions with them. Power management.

Discussion:

We need to talk about what the kernel needs to provide for UEFI secure 
boot to be possible, since the alternative is miserable failure and 
Linux no longer working on x86 unless people play with the firmware. 
That's going to involve at the very least locking down module loading 
and various kernel interfaces, but figuring out what else needs to be 
covered is fairly important.

I'd also like to figure out what the plans are going to be for dealing 
with EFI and ACPI on non-x86 architectures. Right now EFI is in a 
dreadful state - large parts of the code are duplicated between ia64, 
ia32 and x86_64 and everything except x86_64 is bitrotting.

ACPI-wise, we need to be able to handle hardware that might ship with 
either ACPI or FDT - that's potentially problematic for drivers. We 
already have the issue on x86 that a driver for an ACPI device can be 
written as an ACPI driver or a PNP driver and you get different 
functionality with both. We should concentrate on merging firmware data 
sources into one more comprehensive model and just port all the drivers 
to that, but various people need to be involved in that conversation.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org


More information about the Ksummit-2012-discuss mailing list