> That said, I'm not sure how many non-root users run the toolkit to
> extract their EFI certificates or check on the secure boot status of
> the system, but I suspect it might be non-zero: I can see the tinfoil
> hat people wanting at least to check the secure boot status when they
> log in.
Another fix option might be to rate limit EFI calls for non-root users (on X86
since only we have the SMI problem). That would:
1) Avoid using memory to cache all the variables
2) Catch any other places where non-root users can call EFI
-Tony
��.n��������+%�������w��{.n�����{����*�jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
