On Mar 3, 2015 12:51 PM, "Borislav Petkov" <bp@xxxxxxxxx> wrote: > > On Tue, Mar 03, 2015 at 12:37:54PM -0800, Andy Lutomirski wrote: > > The user *should not* be required to have write access to anything in > > /lib to install a UEFI capsule that they download from their > > motherboard vendor's website. /lib belongs to the distro, and UEFI > > capsules do not belong to the distro. In this regard, UEFI capsules > > are completely unlike your wireless card firmware, your cpu microcode, > > etc. > > Oh oh but but, if an UEFI capsule can brick the system, a normal user > would be able to brick that system then. I think we should forbid that. Absolutely. That's why I said # uefi-load-capsule and not $ uefi-load-capsule :) > > I agree with the rest of your note that a simple > > cat <fw_blob> > /sys/... > > should be enough. > > -- > Regards/Gruss, > Boris. > > ECO tip #101: Trim your mails when you reply. > -- -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
