On Sun, 2014-04-20 at 11:12 +0200, Sébastien Luttringer wrote:
> We use closed-source components on our computers every day (BIOS, firmware) because we trust hardware providers like Nvidia. I wouldn't say that people who have Nvidia cards and run Nvidia drivers are in an "inherently insecure" situation.
> There are features in grsec which can be useful even with an Nvidia module (hiding other users' processes, restricted IPC, etc.).
The problem with Nvidia and grsecurity is that Nvidia doesn't test their drivers on grsecurity kernels. With grsecurity you alter the way the kernel works. If this alters the kernel in any way that the Nvidia binary driver doesn't expect, you'll end up with something that makes your system unstable. Supporting Nvidia on vanilla kernels is a challenge now and then because of the incompatible changes done in each version, but maintaining it for a grsecurity patched kernel is even harder.
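The combination the reply warns about (a grsecurity-patched kernel with the proprietary nvidia module loaded) can be detected from userspace. The script below is an added example, not code from the thread or from either project. It uses the kernel's documented taint bits (bit 0 "P" for a proprietary module, bit 12 "O" for an out-of-tree module, bit 13 "E" for an unsigned module, from Documentation/admin-guide/tainted-kernels.rst) and assumes that a grsecurity kernel either exposes the kernel.grsecurity.* sysctls under /proc/sys/kernel/grsecurity (true when CONFIG_GRKERNSEC_SYSCTL is set) or carries "grsec" in its release string (a distro packaging convention, not guaranteed). The /sys/module/nvidia check is likewise an assumption about the module's name.

```shell
#!/bin/sh
# Added example (not from the original thread): report whether the running
# kernel is grsecurity-patched and whether a proprietary/out-of-tree module
# such as nvidia is loaded, i.e. the untested combination discussed above.

# decode_taint VALUE
# Print the letters of the module-related taint bits set in VALUE, using the
# values documented in the kernel tree:
#   bit 0  (1)    P  proprietary module loaded
#   bit 12 (4096) O  out-of-tree module loaded
#   bit 13 (8192) E  unsigned module loaded
decode_taint() {
    val=$1
    out=""
    [ $((val & 1)) -ne 0 ]    && out="$out P"
    [ $((val & 4096)) -ne 0 ] && out="$out O"
    [ $((val & 8192)) -ne 0 ] && out="$out E"
    printf '%s\n' "${out# }"
}

# is_grsec_kernel [SYSCTL_DIR] [RELEASE]
# Returns 0 if the kernel looks grsecurity-patched. Assumptions: grsec
# exposes kernel.grsecurity.* sysctls as a directory under /proc/sys/kernel,
# and distro builds often put "grsec" in the release string. Both arguments
# default to the live system; they exist so the check can be run against
# constructed inputs.
is_grsec_kernel() {
    dir=${1:-/proc/sys/kernel/grsecurity}
    rel=${2:-$(uname -r)}
    if [ -d "$dir" ]; then
        return 0
    fi
    case "$rel" in
        *grsec*) return 0 ;;
    esac
    return 1
}

# risk_level GRSEC TAINT_VALUE
# GRSEC is 1 for a grsecurity kernel, 0 otherwise. Classifies the situation
# the reply describes: a proprietary module on a grsecurity kernel is a
# combination the vendor never tests against.
risk_level() {
    grsec=$1
    taint=$2
    proprietary=0
    case " $(decode_taint "$taint") " in
        *" P "*) proprietary=1 ;;
    esac
    if [ "$grsec" -eq 1 ] && [ "$proprietary" -eq 1 ]; then
        echo untested
    elif [ "$proprietary" -eq 1 ]; then
        echo proprietary-only
    elif [ "$grsec" -eq 1 ]; then
        echo grsec-only
    else
        echo clean
    fi
}

# Report on the live system. Reads /proc/sys/kernel/tainted when present and
# treats a missing file as an untainted kernel.
main() {
    taint=0
    [ -r /proc/sys/kernel/tainted ] && taint=$(cat /proc/sys/kernel/tainted)
    grsec=0
    is_grsec_kernel && grsec=1
    nvidia=absent
    [ -d /sys/module/nvidia ] && nvidia=loaded   # assumed module name
    echo "kernel:  $(uname -r)"
    echo "taint:   $taint ($(decode_taint "$taint"))"
    echo "nvidia:  $nvidia"
    echo "verdict: $(risk_level "$grsec" "$taint")"
}

main
```

Run it as an ordinary user; nothing in it needs root. A verdict of "untested" is the situation the reply describes: the kernel has been altered in ways the binary driver was never built or tested against, so instability is the expected outcome rather than a grsecurity bug.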