Port-amd64 archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: RFC: cpu microcode loading support

On Fri, Dec 16, 2011 at 04:17:50PM +0100, Christoph Egger wrote:
> On 12/15/11 18:43, Christoph Egger wrote:
> kauth(9) is implemented as requested from tls@ and also
> uses xc_broadcast(9) to automatically apply the ucode patch on all cpus.


Maybe I am missing this by looking at the patch out of context, but it
looks like we're allowing microcode update if "isroot" without reference
to securelevel.  It seems to me this operation should be allowed only at
securelevel < 1.  Am I misreading this or is an additional check required?


Home | Main Index | Thread Index | Old Index