My point here is we should focus on ACPI support for Linux OS and leave the security topics to UEFI secure boot, trusted firmware groups. In US, we have NIST publications 800-147, 800-147b and 800-155 to address BIOS security issues. As compared with the widely used x86 serves, the firmware in AArch64 is more secure because of the 4 exception level architecture. Up to today, I do not aware any security attack incidents through AML.
-----Original Message----- From: One Thousand Gnomes [mailto:gnomes@lxorguk.ukuu.org.uk] Sent: Thursday, January 08, 2015 2:20 PM To: Kangkang Shen Cc: Arnd Bergmann; Jason Cooper; Rob Herring; Daniel Lezcano; Robert Richter; linaro-acpi@lists.linaro.org; Marc Zyngier; Jon Masters; Randy Dunlap; Liviu Dudau; Robert Moore; Will Deacon; linux-kernel@vger.kernel.org; linux-acpi@vger.kernel.org; Mark Brown; Rafael J. Wysocki; Lv Zheng; Catalin Marinas; Bjorn Helgaas; "linux-arm-kernel@lists.infradead.org" linux-arm-kernel@lists.infradead.org, Olof Johansson olof@lixom.net"@lxorguk.ukuu.org.uk Subject: Re: [Linaro-acpi] [PATCH v5 18/18] Documentation: ACPI for ARM64
On Thu, 8 Jan 2015 19:59:23 +0000 Kangkang Shen Kangkang.Shen@huawei.com wrote:
Security is a much big scale issue. The industry has all kind of solutions to deal with firmware security. In ARM system, the Firmware has been designed with higher privilege/security than OS. I will suggest we trust firmware security and focus on Linux itself.
Security works by trusting nothing, by questioning every assumption. I'm sure there are a lot of governments would prefer everyone just carried on trusting them as they have a higher privilege/security level....