From mboxrd@z Thu Jan 1 00:00:00 1970
From: Borislav Petkov
Subject: Re: Re: [PATCH v2 3/3] efi: Capsule update with user helper interface
Date: Tue, 3 Mar 2015 21:49:56 +0100
Message-ID: <20150303204956.GG25768@pd.tnic>
References: <20150302122955.GB24476@codeblueprint.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Return-path:
Content-Disposition: inline
In-Reply-To:
Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
To: Andy Lutomirski
Cc: "Kweh, Hock Leong", Matt Fleming, Sam Protsenko, Ming Lei, Greg Kroah-Hartman, "Ong, Boon Leong", LKML, "linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
List-Id: linux-efi@vger.kernel.org

On Tue, Mar 03, 2015 at 12:37:54PM -0800, Andy Lutomirski wrote:
> The user *should not* be required to have write access to anything in
> /lib to install a UEFI capsule that they download from their
> motherboard vendor's website. /lib belongs to the distro, and UEFI
> capsules do not belong to the distro. In this regard, UEFI capsules
> are completely unlike your wireless card firmware, your cpu microcode,
> etc.

Oh oh but but, if an UEFI capsule can brick the system, a normal user
would be able to brick that system then. I think we should forbid that.

I agree with the rest of your note that a simple cat > /sys/... should
be enough.

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--