On 03/19/2013 05:32 AM, Matthew Garrett wrote: > From: Josh Boyer <jwboyer@xxxxxxxxxx> > > This option allows userspace to pass the RSDP address to the kernel. This > could potentially be used to circumvent the secure boot trust model. > We ignore the setting if we don't have the CAP_COMPROMISE_KERNEL capability. > > Signed-off-by: Josh Boyer <jwboyer@xxxxxxxxxx> > --- > drivers/acpi/osl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c > index 586e7e9..0ef63f1 100644 > --- a/drivers/acpi/osl.c > +++ b/drivers/acpi/osl.c > @@ -245,7 +245,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); > acpi_physical_address __init acpi_os_get_root_pointer(void) > { > #ifdef CONFIG_KEXEC > - if (acpi_rsdp) > + if (acpi_rsdp && capable(CAP_COMPROMISE_KERNEL)) > return acpi_rsdp; > #endif > > This does not work because capable is not usable at this early point. Josh, could you update your fix here? -- Thanks Dave -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html