Re: [RFC] Restrict the untrusted devices, to bind to only a set of "whitelisted" drivers

From: Pavel Machek
Date: Tue Jun 30 2020 - 17:46:42 EST


Hi!

> > > I think that's inherently platform specific to some extent. We can do
> > > it with our coreboot based firmware, but there's no guarantee other
> > > vendors will adopt the same approach. But I think at least for the
> > > ChromeOS ecosystem we can come up with something that'll work, and
> > > allow us to dtrt in userspace wrt driver binding.
> >
> > Agree, we can work with our firmware teams to get that right, and then
> > expose it from kernel to userspace to help it implement the policy we
> > want.
>
> This is already in the spec for USB, I suggest working to get this added
> to the other bus type specs that you care about as well (UEFI, PCI,
> etc.)

Note that "you can only use authorized SSD and authorized WIFI card in
this notebook" was done before, but is considered antisocial.

Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: PGP signature