Shuttleworth: ACPI, firmware and your security

ACPI is a move away from secret firmware - it still lets the platform define platform-specific behavior -- which is an ongoing requirement -- but instead of actually calling into the firmware, it's actually the OS performing a series of operations defined by the firmware. This at least lets us SEE what is going on, either by runtime hooks into the AML interpreter, or by decompiling the bytecode in the ACPI DSDT. The time that the OS really loses control is when the BIOS enters SMM mode (which yes, can be triggered from ACPI). That's when you really have no idea what the firmware is doing.