>>>> I want to use a monolithic kernel (loadable module support disabled) for >>>> security reasons. The in-kernel-driver for the network card (bnx2) needs >>>> firmware to be loaded. Of course, when the kernel boots there is no >>>> filesystem available from where the firmware can be loaded nor a firmware >>>> loader agent. >>>You can also compile firmware in kernel in which case request from >>>driver will be transparently served by compiled-in firmware. >>> >>>Not sure when compiled-in firmware support was introduced first. Check >>>for CONFIG_FIRMWARE_IN_KERNEL. >> Unfortunately, for the kernel I'm using (2.6.26 from Debian Lenny), this is >> not the case. >> >> Is there no other possibility to accomplish this? For example, kind of >> postpone loading of the driver? >Yeah, you should use a recent kernel. :) > >You can try to unbind/bind the driver from/to the device with >/sys/bus/pci/drivers/*/*bind. For some drivers it works that way. > >Anyway, it's probably easier to leave it as a module. There are >thousand ways to get code into the running kernel with the right >permissions, disabling the module loader does not really add security. Ah really? Even if /dev/kmem is disabled in the kernel? So, you mean it's not worth the pain of having a monolithic kernel concerning security? But still, besides this unbind/bind stuff or more recent kernel, is there really no other solution to have a in-kernel-driver needing firmware? You know, I'd like to stick with the kernel source provided by Debian just because of security updates. Thanks and Cheers, Phil -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
