* Ard Biesheuvel <ard.biesheu...@linaro.org> wrote:
> > Turning KASLR off actively degrades that randomization of the kernel
> > virtual
> > addresses.
> >
> > Am I missing anything?
> >
>
> No, I think you are right. UEFI runtime services region are likely to consist
> of
> R+W+X mappings for the foreseeable future on x86, and the more we tighten
> down
> security in other places, the more appealing the UEFI regions become for
> exploitation (even if they are only mapped while runtime services calls are
> in
> progress).
Ok, so I'm fine with the current proposed patch as a temporary workaround, but
only if we are going to get a real fix as well, ASAP.
Thanks,
Ingo
