On Tue, Jun 12, 2001 at 04:25:34PM -0700, Greywolf wrote:
> On Tue, 12 Jun 2001, Thor Lancelot Simon wrote:
> 
> # Date: Tue, 12 Jun 2001 18:20:45 -0400
> # From: Thor Lancelot Simon <tls@rek.tjls.com>
> # To: Jaromír Dolecek <jdolecek@netbsd.org>
> # Cc: port-i386@netbsd.org
> # Subject: Re: Integrate aperture driver?
> #
> # On Wed, Jun 13, 2001 at 12:12:44AM +0200, Jaromír Dolecek wrote:
> # > Hi,
> # > would there be any problem in integrating the aperture driver and MTRR code
> # > to kernel tree (i.e what is now available as /usr/pkgsrc/sysutils/aperture/) ?
> # > Virtually anyone running XFree86 4.* would like this ...
> #
> # This "driver" essentially negates the security model.  If it's going to be
> # committed, it should function *only* if securelevel < 1.
> 
> If you do this, it's no better than having options INSECURE, which is what
> we do now.  The point of the aperture driver is so that you can still have
> an otherwise secure kernel with the only defined access points being to the
> video area by the aperture driver.

That's a nice idea, but it doesn't actually work, for several
reasons.  The most obvious one is that almost all modern video
adapters include DMA engines that can access arbitrary physical
addresses.  Less obviously, what's "the video area"?  Oh yeah?
Are you sure?

Thor