[SeaBIOS] [PATCH 1/2] Add an option to only execute option ROMs contained in CBFS

Paul Menzel paulepanter at users.sourceforge.net
Sun Feb 15 11:34:51 CET 2015


On Saturday, 14.02.2015, at 18:33 -0600, Timothy Pearson wrote:
> On 02/14/2015 11:02 AM, Kevin O'Connor wrote:
> > On Fri, Feb 13, 2015 at 04:35:08PM -0500, Kevin O'Connor wrote:
> >> On Fri, Feb 13, 2015 at 02:09:05PM -0600, Timothy Pearson wrote:
> >>> This patch in particular guarantees that no matter what devices are plugged
> >>> in (e.g. long after the BIOS has been flashed) they will not have their
> >>> option ROMs executed.  Its primary use is for those who want a blob-free
> >>> system, e.g. for high-security applications.
> >>
> >> That makes sense, but I think it needs to be a runtime setting.  I'll
> >> see if I can put together a quick patch to better show what I mean.
> >
> > Below is an example of what I was suggesting (untested).  The patch
> > below uses the file "/etc/pci-optionroms" - 0 means don't run any
> > option roms, 1 means run only the option rom for the primary vga
> > device, 2 means run option roms for only non-vga devices, and 3 means
> > run all option roms (the default).
> >
> > -Kevin
> 
> <patch snipped>
> 
> That's fine with me; it retains the same basic functionality but allows 
> slightly more control.
> 
> Before I test and put together a formal patch submission are there any 
> objections from anyone else?

Besides the file name, I do not have any objections.

Maybe use `/etc/pci-optionrom-exec` and use 0 for running no Option
ROMs, 1 for running all Option ROMs, 2 for running Option ROM of primary
VGA device and 3 for Option ROMs of non-VGA devices.


Thanks,

Paul