-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
HI, Marc. Thanks for thoses explains. Is there a solution? especially when you have a arch Optimum GPU, where only the Intel GPU works? (yes, I know nvidia is evil!) On 6/13/19 10:55 AM, Marc Espie wrote: > On Wed, Jun 12, 2019 at 06:20:55PM +0200, Stephane HUC "PengouinBSD" wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> Hi, >> >> In the french documentation on obsd4a's wiki, I wrote: >> >> "When to add this option? >> When you see into xorg.log: >> $ head /var/log/Xorg.0.log >> [ 33.839] (WW) checkDevMem: failed to open /dev/xf86 and /dev/mem >> (Operation not permitted) >> Check that you have set 'machdep.allowaperture=1' >> in /etc/sysctl.conf and reboot your machine >> refer to xf86(4) for details >> (...) >> " >> It's right? >> >> You mention security risks and others problems. >> Which? >> Could you explain simply, please? > > Well, duh. > > allowaperture allows you to open the graphics device, which was the old > model prior to intel graphics and more. > > *if* X + inteldrm no longer needs the graphics device, it does not open > it. > > ... but it's still around. > > ... and allowaperture means some program could possibly still open it, > thus gaining low-level access to some part of the graphics card. > > The attack surface of graphics hardware being huge, it's likely you can > still do harm through that backdoor. - -- ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<< - ---- <me>Stephane HUC as PengouinBSD or CIOTBSD</me> <mail>b...@stephane-huc.net</mail> -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQScTRXz7kMlZfGpDZMTq98t3AMG7wUCXQIZeAAKCRATq98t3AMG 79tcAQD5+tKHzYenoVxAFzYm8noVJfbEO/qM/7AOxM7AKZZCUwEA8Hri9xFzWEZj fuguxJEm1rHIiNBkerWLJWdd08bX9gk= =t14P -----END PGP SIGNATURE-----
