Re: [PATCH 10/11] acpi: Ignore acpi_rsdp kernel parameter in a secure boot environment

On Tue, Sep 04, 2012 at 09:37:32PM +0100, Matthew Garrett wrote: > On Tue, Sep 04, 2012 at 09:37:42PM +0100, Alan Cox wrote: > > > Gotta say this capability name is confusing. Naming is > > > CAP_PRE_SECURE_BOOT or something along the lines might be a better > > > choice. When I just look at this n

Re: [PATCH 10/11] acpi: Ignore acpi_rsdp kernel parameter in a secure boot environment

On Tue, Sep 04, 2012 at 09:37:42PM +0100, Alan Cox wrote: > > Gotta say this capability name is confusing. Naming is > > CAP_PRE_SECURE_BOOT or something along the lines might be a better > > choice. When I just look at this name, I sure thought this > > CAP_SECURE_FIRMWARE true means it is a secur

Re: [PATCH 10/11] acpi: Ignore acpi_rsdp kernel parameter in a secure boot environment

> Gotta say this capability name is confusing. Naming is > CAP_PRE_SECURE_BOOT or something along the lines might be a better > choice. When I just look at this name, I sure thought this > CAP_SECURE_FIRMWARE true means it is a secure boot capable firmware. Given there is nothing secure about it w

Re: [PATCH 10/11] acpi: Ignore acpi_rsdp kernel parameter in a secure boot environment

On Tue, Sep 4, 2012 at 10:38 AM, Matthew Garrett wrote: > On Tue, Sep 04, 2012 at 10:30:46AM -0600, Shuah Khan wrote: >> On Tue, Sep 4, 2012 at 9:55 AM, Matthew Garrett wrote: >> > From: Josh Boyer >> > >> > This option allows userspace to pass the RSDP address to the kernel. This >> > could po

Re: [PATCH 10/11] acpi: Ignore acpi_rsdp kernel parameter in a secure boot environment

On Tue, Sep 04, 2012 at 10:30:46AM -0600, Shuah Khan wrote: > On Tue, Sep 4, 2012 at 9:55 AM, Matthew Garrett wrote: > > From: Josh Boyer > > > > This option allows userspace to pass the RSDP address to the kernel. This > > could potentially be used to circumvent the secure boot trust model. > >

Re: [PATCH 10/11] acpi: Ignore acpi_rsdp kernel parameter in a secure boot environment

On Tue, Sep 4, 2012 at 9:55 AM, Matthew Garrett wrote: > From: Josh Boyer > > This option allows userspace to pass the RSDP address to the kernel. This > could potentially be used to circumvent the secure boot trust model. > We ignore the setting if we don't have the CAP_SECURE_FIRMWARE capabili

[PATCH 10/11] acpi: Ignore acpi_rsdp kernel parameter in a secure boot environment

From: Josh Boyer This option allows userspace to pass the RSDP address to the kernel. This could potentially be used to circumvent the secure boot trust model. We ignore the setting if we don't have the CAP_SECURE_FIRMWARE capability. Signed-off-by: Josh Boyer --- drivers/acpi/osl.c | 2 +- 1