https://twitter.com/FirmwareEngine/status/710460703048511488
http://lkml.iu.edu/hypermail/linux/kernel/1603.2/01137.html
For the next Linux kernel, there are some new UEFI improvements to look forward to. Excerpting email from Ingo Molnar:
The main changes are:
– Use separate EFI page tables when executing EFI firmware code. This isolates the EFI context from the rest of the kernel, which has security and general robustness advantages. (Matt Fleming)
– Run regular UEFI firmware with interrupts enabled. This is already the status quo under other OSs. (Ard Biesheuvel)
– Various x86 EFI enhancements, such as the use of non-executable attributes for EFI memory mappings. (Sai Praneeth Prakhya)
– Various arm64 UEFI enhancements. (Ard Biesheuvel)
Firmware Security 