On Tue, 4 Sep 2012 11:55:09 -0400
Matthew Garrett <mjg@xxxxxxxxxx> wrote:

> IO port access would permit users to gain access to PCI configuration
> registers, which in turn (on a lot of hardware) give access to MMIO register
> space. This would potentially permit root to trigger arbitrary DMA, so lock
> it down by default.

You've missed a load of others, all over the kernel, let alone getting
into devices with other paths to firmware reprogramming of which there
are many. You need to enforce signing on request_firmware for example,
and sign every firmware.