On Mon, Jul 18, 2022 at 9:28 AM Borislav Petkov <bp@suse.de> wrote:
> So I'm being told we need to untrain on return from EFI to protect the kernel from it.
Why would we have to protect the kernel from EFI?
If we can't trust EFI, then the machine is already compromised. We just *called* an EFI routine, if EFI is untrusted, it did something random.
I mean, it could have already done something bad at boot time when it loaded the kernel.
So no, let's not "protect ourselves from EFI".
Linus