1. Immunity to buggy firmware introducing mem corruption or vulns. 2. Reset or disable the device. 3. Vars are all virtual; you can reset at every init.
-
-
1. It can still trash various board level devices 2. Uh, what? How do you reset the firmware? (Answer: You reboot the PC) 3. This defeats the entire reason of writing firmware vars which is reconfiguring it and/or preserving data across boots
1 reply 0 retweets 1 like -
1. Depends on what you allow it access to. 2. You run the virtualized reset code or use pm interfaces to hard power-cycle the specific device. 3. Yes, getting rid of statefullness is part of the point.
1 reply 0 retweets 0 likes -
except, you know, I *want* to be able to adjust the boot options from within my OS
3 replies 0 retweets 1 like -
That's reasonable, if it happens under the full control and authorization of the OS. It's not if it happens behind the OS's back through sketchy unseen and unreviewed code.
2 replies 0 retweets 0 likes -
It happens because the OS calls the SetVariable function which exists for this purpose
1 reply 0 retweets 0 likes -
If you allow EFI code from system or peripheral firmware to run on the metal, it can happen any time they decide they want to. That's the problem. It should _only_ be possible when OS does it.
1 reply 0 retweets 0 likes -
No. It can only happen when the OS calls into said EFI code. Functions don't just call themselves
1 reply 0 retweets 1 like -
Like when some hardware driver calls into firmware on the metal in ring0 with unrestricted memory access rather than actually implementing the functionality itself.
1 reply 0 retweets 0 likes -
The only times the kernel calls into UEFI are To exit boot services mode To ger/set firmware variables As a last ditch way of rebooting As a last ditch way of getting/setting the time (no RTC driver) To set wake from power off timers
2 replies 0 retweets 0 likes
That's a smaller set than I expected, but still much more than it should be, and would benefit from virtualization if the user wants any of that functionality.
-
-
Replying to @RichFelker @erincandescent and
Fortunately there's always: # CONFIG_EFI is not set
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.