[RFC 0/2] Split out firmware upgrade from CAP_SYS_ADMIN

Daniil Lunev dlunev at chromium.org
Thu Jul 22 17:59:41 PDT 2021


Signal boost on this thread for we are interested in a mechanism like that to
avoid running firmware updater with root privileges. We are looking into using
the mechanism to be able to update NVMe and SATA devices from a user with
limited permissions, and to tighten the security for eMMC device, which
currently require only RAW_IO capability to perform a firmware upgrade.



More information about the Linux-nvme mailing list