On 16 February 2018 at 11:08, Borislav Petkov <[email protected]> wrote: > On Fri, Feb 16, 2018 at 10:58:47AM +0000, Ard Biesheuvel wrote: >> By your own reasoning above, that's a no-no as well. > > I'm sure we can come up with some emulation - the same way we did the > BIOS emulation. > >> But thanks for your input. Anyone else got something constructive to >> contribute? > > The not-breaking userspace is constructive contribution. The last > paragraph is my usual rant. >
Fair enough. And I am not disagreeing with you either. So question to Joe: is it well defined which variables may exhibit this behavior? Given that UEFI variables are GUID scoped, would whitelisting certain GUIDs (the ones userland currently relies on to be readable my non-privileged users) and making everything else user-only solve this problem as well?
