Alan Cox wrote:
> > That reminds me, there have been suggestions in the past that we should
> > do a security freeze after probing and configuring.
>
> And as has been observed previously from a security perspective there is
> no point.
>
> Break into box
> security freeze - annoying
> Patch boot block to load my disk destroyer
> Reboot
>
> You need to do the security freeze in the firmware at boot, or it is the
> same whether you do it in kernel or in the initrd or early boot, except
> that it's pageable code, it's configurable and it's easier to work with when
> it is in user space.
>
> Paranoid people get PCI boot roms that lock their disks.

Certainly.
But I argue that doing it late is better than not doing it at all.
Jeff