[SeaBIOS] [PATCH 1/2] Add an option to only execute option ROMs contained in CBFS
Timothy Pearson
tpearson at raptorengineeringinc.com
Sun Feb 15 01:33:59 CET 2015
On 02/14/2015 11:02 AM, Kevin O'Connor wrote:
> On Fri, Feb 13, 2015 at 04:35:08PM -0500, Kevin O'Connor wrote:
>> On Fri, Feb 13, 2015 at 02:09:05PM -0600, Timothy Pearson wrote:
>>> This patch in particular guarantees that no matter what devices are plugged
>>> in (e.g. long after the BIOS has been flashed) they will not have their
>>> option ROMs executed. Its primary use is for those who want a blob-free
>>> system, e.g. for high-security applications.
>>
>> That makes sense, but I think it needs to be a runtime setting. I'll
>> see if I can put together a quick patch to better show what I mean.
>
> Below is an example of what I was suggesting (untested). The patch
> below uses the file "/etc/pci-optionroms" - 0 means don't run any
> option roms, 1 means run only the option rom for the primary vga
> device, 2 means run option roms for only non-vga devices, and 3 means
> run all option roms (the default).
>
> -Kevin
<patch snipped>
That's fine with me; it retains the same basic functionality but allows
slightly more control.
Before I test and put together a formal patch submission are there any
objections from anyone else?
--
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645
http://www.raptorengineeringinc.com
More information about the SeaBIOS
mailing list