On Fri, 2014-03-14 at 08:54 -0700, Kees Cook wrote: > All the more reason to ignore command line at this point. For Chrome > OS, it's part of our boot state, so we don't care about it. For > generic Secure Boot, we can add checks for dangerous stuff as we go > forward. That's why I like this interface -- we can add to it as we > identify bad stuff, and it stay separate from other semantics. Sure, it's just another reason not to want to use a capability-based interface - not all the policy we want to impose is related to processes, so capabilities really don't make sense. The current patchset adds a restriction to the acpi_rsdp argument, and I've no objection to adding one to limit the use of mem=. -- Matthew Garrett <matthew.garrett@xxxxxxxxxx> ��.n��������+%������w��{.n�����{����*jg��������ݢj����G�������j:+v���w�m������w�������h�����٥