- A device is just forbidden from anything using it
- A device used only with untrusted memory
- A device is usable with trusted memory

IMHO this determination needs to be made before the device driver is bound. The kernel will self-accept a bunch of platform devices, but something like the boot volume's device will need something to go look and approve it.

Today the kernel self-approves untrusted devices, but this is perhaps not a great idea in the long run. It is definitely not a good idea for trusted devices.

Jason