[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Matthew Garrett mjg59 at srcf.ucam.org
Wed Jun 27 18:22:26 UTC 2012


On Wed, Jun 27, 2012 at 11:20:54AM -0700, Stephen Hemminger wrote:

> It is even worse that that. What about hardware that has test
> registers. I know of boards that have ability to write DMA to arbitrary
> locations by programing the registers.  This means it would be impossible
> to allow this PCI space to be written from user mode processes. Extending
> that to the general case, it would make user mode control of hardware
> illegal. Probably need to disable all userspace device access if doing
> this crap. Alternatively, we have to add another security layer to deal
> with signed applications.

Yes, no PCI access from userspace. My current patchset is 
http://www.codon.org.uk/~mjg59/tmp/ftsoefi/

-- 
Matthew Garrett | mjg59 at srcf.ucam.org


More information about the Ksummit-2012-discuss mailing list