of the code in Linux, which is
several thousand people. You'd probably need permission from all of
them. Good luck!
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info
that in this case, it
probably is.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http
design. I don't see any especially strong argument for
breaking that.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
VT that isn't in text mode? The vt switching is
a hack, we shouldn't make life difficult for people who have their own
userspace code that's entirely capable of restoring video state on its
own.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
will implement basic PM itself. In some cases, this works. In
others, it doesn't. There's no way to automatically determine which is
which without modifying the drivers.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message
be a regression.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
the HPA, which I guess is one interpretation of
ignore - however, naively I'd expect Ignore HPA to mean Don't touch
the HPA with the result that it would remain inaccessible to userspace.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel
On Thu, Apr 05, 2007 at 02:13:52PM +0100, Alan Cox wrote:
This one should fix the problems with slave devices and the Macintosh hang
Better, but still not happy with ata_piix - I get the following:
[ 10.972000] ata3.01: ata_hpa_resize 1: sectors = 234441648, hpa_sectors =
16337840
[
On Mon, Apr 09, 2007 at 10:22:41PM +0100, Alan Cox wrote:
Please apply Tejun's fix for LBA48 data and try again. Hopefully its just
that which is causing the problem.
Yes, that works absolutely fine now.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
this is a loss of functionality over the
current situation.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read
On Thu, Apr 12, 2007 at 06:15:05PM +0400, Anton Vorontsov wrote:
On Thu, Apr 12, 2007 at 02:08:18PM +0100, Matthew Garrett wrote:
ACPI batteries can report capacity and rate in either mA or mW. Given
You sure, capacity in mA? Then I don't know. But you can safely
fallback and create your
and raw hardware drivers to coexist, which is made
somewhat harder by it not being a situation that the platform designers
have considered in the slightest. The suggested low-level driver for
io-port arbitration would certainly be a step forward in making this
work better.
--
Matthew Garrett
been implemented in a
fairly generalisable way.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http
stick appears to be about as widely used as the secure
part of SD, so I don't think that's intrinsically a problem.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info
drivers, that would be
a good starting point for working out what's going on.
Of course, this ignores the case where the DSDT just traps into SMM
code. That one is clearly unsolvable.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel
happening so frequently, are they?
My understanding is that pretty much arbitrary hardware access can cause
SMM transitions without OS notification, though this is getting outside
the areas I know about.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
,
+ phys_addr);
+
virt_addr = ioremap(phys_addr, width);
switch (width) {
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
On Fri, Mar 02, 2007 at 10:04:54PM +0100, Jean Delvare wrote:
On Fri, 2 Mar 2007 14:18:40 +, Matthew Garrett wrote:
In theory I /think/ so, but it would probably end up being an
overestimate of the coverage actually needed. Trapping at runtime is
arguably more elegant?
It might
this:
Oops! I'll look into fixing that. Thanks, that's an excellent point...
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo
On Sat, Mar 03, 2007 at 08:47:21AM -0700, David Hubbard wrote:
For I/O and memory that ACPI accesses and has not reserved, the AML
interpreter could allocate at run-time.
Not ideal. ACPI's already fiddling with ranges that have been reserved
by other drivers.
--
Matthew Garrett | [EMAIL
that works, it's a bit early to set a timescale.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http
of using the Sony-specific methods is small then
it's probably not really worth working out how to add it in.
Plus, implementing the generic support benefits more people :)
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body
with no root filesystem. Reverting the patch leaves things
working. This is the ubuntu tree - I can try libata-dev if you think
there's likely to be any relevant difference.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body
On Wed, Mar 28, 2007 at 01:08:52AM +0100, Matthew Garrett wrote:
ata3.01: ata_hpa_resize 1: sectors = 234441648, hpa_sectors = 0
^
Does this just indicate the lack of an hpa? If so, the
/* if no hpa, both should be equal */
comment
On Wed, Mar 28, 2007 at 01:16:10AM +0100, Matthew Garrett wrote:
comment seems to be wrong (or, alternatively, it's the
ata_read_native_max_address_ext call that's failing and returning
garbage? I'll look into that)
It's ata_read_native_max_address_ext failing, and it's fine if I use
ahci
On Wed, Mar 28, 2007 at 02:16:08AM +0100, Matthew Garrett wrote:
It's ata_read_native_max_address_ext failing, and it's fine if I use
ahci rather than ata_piix, so I'll just chalk this up to Apple's
firmware being broken (again) and putting the hardware into some sort of
I can't believe
than
sd: 2:0:1:0: timing out command, waited 180s
sd: 2:0:1:0: SCSI error: return code = 0x0028
end_request: I/O error, dev sda, sector 0
Buffer I/O error on device sda, logical block 0
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux
to be the ata_read_native_max_address_ext call that breaks it.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http
was not controlled for it to hit
128 degC.
What's going on here? Does reading an i2c sensor from the kernel
prevent something else from doing it?
The i2c drivers access the same hardware as the ACPI methods, and
there's no locking.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from
, S139), one can't issue
wakeup events (PCI0), and two seem harmlessly (?) confused (MDM and AUD are
the same PCI device, but it's the _modem_ that does wake-on-ring).
Could the MDM entry be referring to the modem codec on the ac97 or
hda bus?
--
Matthew Garrett | [EMAIL PROTECTED
we'll be forced to carry
around a sysfs API that's of no real use.
--
Matthew Garrett | [EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please
have one to hand at
the moment. It can be set at runtime already.
--
Matthew Garrett | [EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please
On Mon, Jan 14, 2008 at 12:35:54AM +, Matthew Garrett wrote:
No. This breaks on the R50e, at least - I suspect it'd also have
problems on any nvidia based machines, but I don't have one to hand at
the moment. It can be set at runtime already.
Just to clarify this further
Len, I've had no feedback on this - the backlight maintainer thinks it's
the right way to go, so I'd like to get it queued for .25 at least.
--
Matthew Garrett | [EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL
On Sun, Jan 13, 2008 at 11:57:18PM -0200, Henrique de Moraes Holschuh wrote:
On Mon, 14 Jan 2008, Matthew Garrett wrote:
not going to want the low-level ACPI code to do anything video-related
on a lot of hardware. The in-kernel modesetting code for Intel machines
will be able to handle
Some machines seem to need the backlight brightness to be reset on
resume. Add support for doing so to the video module.
Signed-off-by: Matthew Garrett [EMAIL PROTECTED]
---
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index b8ce6dc..09a85eb 100644
--- a/drivers/acpi/video.c
+++ b
is that we shifted from Enable the apic even if the
BIOS disabled it to Only use the apic if the BIOS didn't disable it
around that time, which meant that distributions could actually turn on
apic-on-up support without breaking everything. That might correspond to
what you're seeing.
--
Matthew
.
Dumping raw ACPI tables isn't adequate - _SUN might be a complex ACPI
method with multiple reads and writes to raw hardware, and we really
don't want to do that in userspace. The only way to do this reliably is
in the kernel.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list
On Wed, Nov 14, 2007 at 09:51:51AM -0800, Greg KH wrote:
On Wed, Nov 14, 2007 at 05:44:01PM +, Matthew Garrett wrote:
Dumping raw ACPI tables isn't adequate - _SUN might be a complex ACPI
method with multiple reads and writes to raw hardware, and we really
don't want to do
to have fixed this?
--
Matthew Garrett | [EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
behaviour
should be for the functionality to be turned on unless the user
overrides it.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
on an unavilable NFS mount, I can't
suspend?
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http
to the number of actual values that can be set.
Signed-off-by: Matthew Garrett [EMAIL PROTECTED]
---
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 521645e..12b2adb 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -296,18 +296,26 @@ static int acpi_video_device_set_state
On Thu, Oct 25, 2007 at 09:06:22AM -0600, Bjorn Helgaas wrote:
But we really *should* reserve things used by opregions, shouldn't
we? After all, the whole point of resource reservation is to prevent
conflicts.
Only if you're happy to lose functionality like IDE, sadly.
--
Matthew Garrett
On Sun, Oct 28, 2007 at 08:50:33PM -0600, Bjorn Helgaas wrote:
On Saturday 27 October 2007 9:09:47 am Matthew Garrett wrote:
On Thu, Oct 25, 2007 at 09:06:22AM -0600, Bjorn Helgaas wrote:
But we really *should* reserve things used by opregions, shouldn't
we? After all, the whole point
libsmbios into the kernel isn't a good idea
(imho).
My understanding was that the current range supported the ACPI methods.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo
On Mon, Oct 29, 2007 at 03:25:31PM -0600, Bjorn Helgaas wrote:
Reserve resources used by active PNP devices to prevent those resources
from being assigned to other devices.
Yes, I think this is probably a safe approach to take.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from
.
The correct interface is rfkill, which will require this functionality
to be in-kernel anyway. I can see the argument against implementing it
in /proc/acpi/toshiba (further proc interface bloat), but not against
doing it in-kernel.
--
Matthew Garrett | [EMAIL PROTECTED]
-
To unsubscribe from
and lspci, please?
I'll try to figure out why this is wrong.
--
Matthew Garrett | [EMAIL PROTECTED]
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read
directly, which
means the attacker has already won.
Now someone just needs to write it.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http
On Wed, Oct 31, 2012 at 11:05:08AM -0400, Shea Levy wrote:
Or the boot variable where you stored the key, but in that case I'd
say the attacker has won too.
Right, in that case they can compromise MOK.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line
1) Gain root.
2) Modify swap partition directly.
3) Force reboot.
4) Win.
Root should not have the ability to elevate themselves to running
arbitrary kernel code. Therefore, the above attack needs to be
impossible.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list
.
The kernel is signed. The kernel doesn't check the signature on the
suspend image.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org
On Wed, Oct 31, 2012 at 05:21:21PM +, Alan Cox wrote:
On Wed, 31 Oct 2012 17:10:48 +
Matthew Garrett mj...@srcf.ucam.org wrote:
The kernel is signed. The kernel doesn't check the signature on the
suspend image.
Which doesn't matter. How are you going to create the tampered image
.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
On Wed, Oct 31, 2012 at 05:39:19PM +, Alan Cox wrote:
On Wed, 31 Oct 2012 17:17:43 +
Matthew Garrett mj...@srcf.ucam.org wrote:
By booting a signed kernel, not turning on swap and writing directly to
the swap partition.
Ok so the actual problem is that you are signing kernels
packages ?
That's not a modification of the files that say You have permission to
distribute unmodified versions of this file. If a lawyer says this is
fine, I'm happy.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body
On Wed, Oct 31, 2012 at 05:49:19PM +, Alan Cox wrote:
On Wed, 31 Oct 2012 17:37:50 +
Matthew Garrett mj...@srcf.ucam.org wrote:
What S4 resume check?
One you would add .. but no I'm wrong there - its a problem at the
suspend point so you do need a signature for it. Oh well yet
.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
to ensure
that they're statically linked and don't dlopen anything (including the
nsswitch modules), but otherwise that should work.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord
be able to call kexec_load().
Where trusted executables means signed by a key that's present in the
system firmware or in the kernel that's signed with a key that's present
in the system firmware, sure.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line
On Thu, Nov 01, 2012 at 09:10:56AM -0600, Khalid Aziz wrote:
On Thu, 2012-11-01 at 14:57 +, Matthew Garrett wrote:
On Thu, Nov 01, 2012 at 10:51:49AM -0400, Vivek Goyal wrote:
And if one wants only /sbin/kexec to call it, then just sign that
one so no other executable will be able
than trying to install a full linux kernel with a
compromised resume system.
There's a pretty strong distinction between Machine is exploited until
exploit is patched and Machine is exploited until drive is replaced.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send
some of which will
most certainly turn out to be real flaws.
Sure, bugs should be fixed.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http
really
care about Linux on Linux attacks, so preventing or allowing them isn't
going to get a distro key revoked.
Linux vendors may care about Linux on Linux attacks. It's all fun and
games until Oracle get Microsoft to revoke Red Hat's signature.
--
Matthew Garrett | mj...@srcf.ucam.org
reasonable for
others to feel that there are valid technical and commercial concerns to
do this properly.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info
should deal with it)
Lawyers won't remove blacklist entries.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thu, Nov 01, 2012 at 09:37:51PM +, Alan Cox wrote:
On Thu, 1 Nov 2012 21:28:43 +
Matthew Garrett mj...@srcf.ucam.org wrote:
Lawyers won't remove blacklist entries.
Fear Uncertainty and Doubt
Courts do, injunctions do, the possibilty of getting caught with theirs
hands
On Thu, Nov 01, 2012 at 09:58:17PM +, Alan Cox wrote:
On Thu, 1 Nov 2012 21:34:52 +
Matthew Garrett mj...@srcf.ucam.org wrote:
I think you've misunderstood. Blacklist updates are append only.
I think you've misunderstood - thats a technical detail that merely
alters the cost
compromised kernel on a linux system, at least as easily as the
reverse.
And if any of them are used to attack Linux, we'd expect those versions
of Windows to be blacklisted.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body
On Fri, Nov 02, 2012 at 11:30:48AM -0400, Vivek Goyal wrote:
crash utility has module which allows reading kernel memory. So leaking
this private key will be easier then you are thinking it to be.
That's not upstream, right?
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from
is to trick the user into booting a hacked linux
system from USB or DVD.
You run a binary. It pops up a box saying Windows needs your permission
to continue, just like almost every other Windows binary that's any
use. Done.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from
On Fri, Nov 02, 2012 at 05:48:31PM +, James Bottomley wrote:
On Fri, 2012-11-02 at 16:54 +, Matthew Garrett wrote:
On Fri, Nov 02, 2012 at 04:52:44PM +, James Bottomley wrote:
The first question is how many compromises do you need. Without
co-operation from windows, you
On Fri, Nov 02, 2012 at 05:57:38PM +, James Bottomley wrote:
On Fri, 2012-11-02 at 17:54 +, Matthew Garrett wrote:
? That's the message generated by the Windows access control mechanism
when you run a binary that requests elevated privileges.
So that's a windows attack vector
this is also a user-kernel exploit. Those should be fixed.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read
IPMI must be initialised before ACPI in order to ensure that any IPMI
services are available before ACPI driver initialisation attempts to use
any IPMI operation regions.
Signed-off-by: Matthew Garrett m...@redhat.com
---
drivers/Makefile | 4
drivers/char/Makefile | 1 -
2 files
of an IPMI
device. Add a callback to the ACPI IPMI driver to glue these operation
regions onto an IPMI device. Behaviour in the case of multiple controllers
may be unpredictable, but there's clearly no way to know the correct answer
in that case.
Signed-off-by: Matthew Garrett m...@redhat.com
Drivers may make calls that require the ACPI IPMI driver to have been
initialised already, so make sure that it appears earlier in the build
order.
Signed-off-by: Matthew Garrett m...@redhat.com
---
drivers/acpi/Makefile | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git
Some IPMI callbacks may want to know how many IPMI devices were registered
or perform some specific action after probing has been completed. Add a
new callback to handle that.
Signed-off-by: Matthew Garrett m...@redhat.com
---
drivers/char/ipmi/ipmi_msghandler.c | 15 +++
drivers
before any built-in ACPI drivers, and by providing support for
a fallback IPMI handler that just uses the first IPMI device in the system.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord
On Sun, Sep 23, 2012 at 12:25:40AM -0400, Len Brown wrote:
+config ACPI_INITRD_TABLE_OVERRIDE
+ bool
+ default y
Do distros in addition to SuSE concur they want to ship this way?
We certainly don't.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list
device can only have
a single HID this will only permit more specific drivers to dislodge more
generic drivers.
Signed-off-by: Matthew Garrett m...@redhat.com
---
drivers/pnp/driver.c | 42 +++---
1 file changed, 39 insertions(+), 3 deletions(-)
diff --git
This could conceivably be hotpluggable, and we may want to displace it
from devices under certain circustances, so add a release method to hand
back the resources.
Signed-off-by: Matthew Garrett m...@redhat.com
---
drivers/pnp/system.c | 30 ++
1 file changed, 26
On Tue, Sep 25, 2012 at 01:04:25PM -0600, Bjorn Helgaas wrote:
On Tue, Sep 25, 2012 at 7:25 AM, Matthew Garrett m...@redhat.com wrote:
Do you know of any scenarios besides this IPMI one where there's the
possibility of two drivers matching the same device? If so, does the
detach/attach
://lkml.org/lkml/2012/7/20/414.
Right. Keeping the spec names makes it difficult to write code in a
readable way.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info
On Wed, Oct 03, 2012 at 01:03:14PM -0700, Paul E. McKenney wrote:
That has not proven sufficient for me in the past, RCU_FAST_NO_HZ
being a case in point.
Taint the kernel at boot time? That'd be sufficient to force distros to
disable it.
--
Matthew Garrett | mj...@srcf.ucam.org
on a reasonable number of EFI platforms.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http
my recollection
of how Windows behaves so it may break something. Any chance you can
find someone with one of the machines mentioned in
https://bugzilla.kernel.org/show_bug.cgi?id=13745 and make sure that
they still work with your patch?
--
Matthew Garrett | mj...@srcf.ucam.org
to be concerned about Microsoft revocation.
Unfortunately, that's not the only set of people we have to worry about.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info
On Fri, Nov 02, 2012 at 11:38:23PM +, James Bottomley wrote:
On Fri, 2012-11-02 at 18:04 +, Matthew Garrett wrote:
A user runs a binary that elevates itself to admin. Absent any flaws in
Windows (cough), that should be all it can do in a Secure Boot world.
But if you can drop
replacing.
Revocation is done via Windows Update. If they refuse to do that, well,
lawyers, right?
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http
of keys, make sure your
bootloader is signed with a key you trust. You're guaranteed to be able
to do this on any Windows 8 certified hardware.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord
On Sat, Nov 03, 2012 at 12:03:56PM +, James Bottomley wrote:
On Sat, 2012-11-03 at 00:22 +, Matthew Garrett wrote:
Why would an attacker use one of those Linux systems? There's going to
be plenty available that don't have that restriction.
It's called best practices. If someone
signature databases and the PK. This may be implemented by simply
providing the option to clear all Secure Boot databases (PK, KEK, db,
dbx), which puts the system into setup mode.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel
this as a requirement for x86 hardware. I
belied the opposite is a requirement for arm hardware. However it's
possible that it just doesn't specifiy at all for arm.
Arm devices are Windows RT, not Windows 8.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send
On Sat, Nov 03, 2012 at 10:56:40PM +, James Bottomley wrote:
On Sat, 2012-11-03 at 13:46 +, Matthew Garrett wrote:
I... what? Our signed bootloader will boot our signed kernel without any
physically present end-user involvement. We therefore need to make it
as difficult
a physically present end user, all installs need a physically
present end user. That's not acceptable, so we need a different security
model.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord
On Mon, Nov 05, 2012 at 09:20:17AM +0100, James Bottomley wrote:
On Sun, 2012-11-04 at 13:52 +, Matthew Garrett wrote:
You don't get to punt on making the kernel secure by simply asserting
that some other system can be secure instead. The chain of trust needs
to go all the way back
instead of the local hard drive.
No, in the general case the system will do that once it fails to find a
bootable OS on the drive.
--
Matthew Garrett | mj...@srcf.ucam.org
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
On Mon, Nov 05, 2012 at 01:44:36PM +, Alan Cox wrote:
On Mon, 5 Nov 2012 12:38:58 +
Matthew Garrett mj...@srcf.ucam.org wrote:
No, in the general case the system will do that once it fails to find a
bootable OS on the drive.
So your secure system can be wiped by a random Windows
1 - 100 of 3200 matches
Mail list logo