

ACPI, firmware, and your security - noahl
http://www.markshuttleworth.com/archives/1332

======
noahl
On his Google+ page, Shuttleworth says

    
    
      There's a big debate on at the moment about whether to
      adopt historical, insecure-by-design 'standards' into the
      next generation of cloud server systems. ACPI, and the whole
      PC firmware blob mess, are attack vectors that we cannot ever
      fix. We should not design them into the systems that we and
      others will depend on being trustworthy.﻿
    

So it looks like this is about servers, and not (necessarily?) phones.

(edit: formatting)

------
fulafel
Context: HW vendors push to get ACPI on ARM servers,
[https://lwn.net/Articles/574439/](https://lwn.net/Articles/574439/)

------
yuhong
Well, on x86 there is already SMM and it predates ACPI by years. I believe
that ARM SBSA is targeted at only servers, where even HP don't restrict access
to firmware updates that solve security bugs.

