[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Grant Likely grant.likely at secretlab.ca
Fri Jun 22 16:45:53 UTC 2012


On Thu, 21 Jun 2012 21:45:57 +0100, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> Expertise:
> 
> UEFI, ACPI, x86 interactions with them. Power management.
> 
> Discussion:
> 
> We need to talk about what the kernel needs to provide for UEFI secure 
> boot to be possible, since the alternative is miserable failure and 
> Linux no longer working on x86 unless people play with the firmware. 
> That's going to involve at the very least locking down module loading 
> and various kernel interfaces, but figuring out what else needs to be 
> covered is fairly important.
> 
> I'd also like to figure out what the plans are going to be for dealing 
> with EFI and ACPI on non-x86 architectures. Right now EFI is in a 
> dreadful state - large parts of the code are duplicated between ia64, 
> ia32 and x86_64 and everything except x86_64 is bitrotting.
> 
> ACPI-wise, we need to be able to handle hardware that might ship with 
> either ACPI or FDT - that's potentially problematic for drivers. We 
> already have the issue on x86 that a driver for an ACPI device can be 
> written as an ACPI driver or a PNP driver and you get different 
> functionality with both. We should concentrate on merging firmware data 
> sources into one more comprehensive model and just port all the drivers 
> to that, but various people need to be involved in that conversation.

I think we've already got everything we need for this.  Many drivers have
been changed now to support either FDT or platform_data.  Usually only
the .probe hook needs to be updated to determine the data source
before initializing the device.

g.


