On Wed, Jan 02, 2019 at 06:49:15PM -0600, Jeremy Linton wrote:
> There is a lot of variation in the Arm ecosystem. Because of this,
> there exist possible cases where the kernel cannot authoritatively
> determine if a machine is vulnerable.

Really? Why not? What keeps you from "knowing" this? Can't the
developer of the chip tell you?

> Rather than guess the vulnerability status in cases where
> the mitigation is disabled or the firmware isn't responding
> correctly, we need to display an "Unknown" state.

Shouldn't "Unknown" really be the same thing as "Vulnerable"? A user
should treat it the same way, "Unknown" makes it feel like "maybe I can
just ignore this and hope I really am safe", which is not a good idea at
all.

thanks,

greg k-h