On 16 February 2018 at 11:08, Borislav Petkov <bp@xxxxxxxxx> wrote:
> On Fri, Feb 16, 2018 at 10:58:47AM +0000, Ard Biesheuvel wrote:
>> By your own reasoning above, that's a no-no as well.
>
> I'm sure we can come up with some emulation - the same way we did the
> BIOS emulation.
>
>> But thanks for your input. Anyone else got something constructive to contribute?
>
> The not-breaking userspace is constructive contribution. The last
> paragraph is my usual rant.
>

Fair enough. And I am not disagreeing with you either.

So question to Joe: is it well defined which variables may exhibit this behavior? Given that UEFI variables are GUID scoped, would whitelisting certain GUIDs (the ones userland currently relies on to be readable by non-privileged users) and making everything else user-only solve this problem as well?

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html