On Tue, Mar 19, 2013 at 04:47:27PM +0800, Dave Young wrote: > On 03/19/2013 05:32 AM, Matthew Garrett wrote: > > From: Josh Boyer <jwboyer@xxxxxxxxxx> > > > > This option allows userspace to pass the RSDP address to the kernel. This > > could potentially be used to circumvent the secure boot trust model. > > We ignore the setting if we don't have the CAP_COMPROMISE_KERNEL capability. > > > > Signed-off-by: Josh Boyer <jwboyer@xxxxxxxxxx> > > --- > > drivers/acpi/osl.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c > > index 586e7e9..0ef63f1 100644 > > --- a/drivers/acpi/osl.c > > +++ b/drivers/acpi/osl.c > > @@ -245,7 +245,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); > > acpi_physical_address __init acpi_os_get_root_pointer(void) > > { > > #ifdef CONFIG_KEXEC > > - if (acpi_rsdp) > > + if (acpi_rsdp && capable(CAP_COMPROMISE_KERNEL)) > > return acpi_rsdp; > > #endif > > > > > > This does not work because capable is not usable at this early point. Right. > Josh, could you update your fix here? I have. Twice. Matthew sent out a stale patch. josh -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html