[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-pci
Subject:    Re: [RFC] Restrict the untrusted devices, to bind to only a set of "whitelisted" drivers
From:       Pavel Machek <pavel () denx ! de>
Date:       2020-06-30 21:46:09
Message-ID: 20200630214609.GB7113 () duo ! ucw ! cz
[Download RAW message or body]


Hi!

> > > I think that's inherently platform specific to some extent.  We can do
> > > it with our coreboot based firmware, but there's no guarantee other
> > > vendors will adopt the same approach.  But I think at least for the
> > > ChromeOS ecosystem we can come up with something that'll work, and
> > > allow us to dtrt in userspace wrt driver binding.
> > 
> > Agree, we can work with our firmware teams to get that right, and then
> > expose it from kernel to userspace to help it implement the policy we
> > want.
> 
> This is already in the spec for USB, I suggest working to get this added
> to the other bus type specs that you care about as well (UEFI, PCI,
> etc.)

Note that "you can only use authorized SSD and authorized WIFI card in
this notebook" was done before, but is considered antisocial.

Best regards,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]