On Thu, Aug 05, 2021 at 06:00:25PM -0700, Dan Williams wrote: > That said, per-device authorization is a little bit different than > per-driver trust. Driver trust is easy to reason about for a built-in > policy, while per-device authorization is easy for userspace to reason > about for "why is this device not talking to its driver?". See my other email about how the "per driver" trust is the wrong model, you need to stick to "per device" trust. Especially given that you are giving control of your kernel drivers over to third parties, you already trust them to do the right thing. thanks, greg k-h
